CVE-2004-2262

e107 <0.617 - RCE

Title source: llm

Description

ImageManager in e107 before 0.617 does not properly check the types of uploaded files, which allows remote attackers to execute arbitrary code by uploading a PHP file via the upload parameter to images.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by sysbug · perlwebappsphp

https://www.exploit-db.com/exploits/704

View Code ZIP pw:eip

References (7)

[Broken Link, Patch] http://e107.org/comment.php?comment.news.672

[Broken Link, Vendor Advisory] http://secunia.com/advisories/13657

[Broken Link, Exploit, Third Party Advisory, VDB Entry] http://securitytracker.com/id?1012657

[Broken Link] http://www.osvdb.org/12586

[Broken Link, Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/12111

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/18670

[Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/704

Scores

EPSS 0.2187

EPSS Percentile 95.7%

Classification

CWE

CWE-434

Status draft

Affected Products (1)

e107/e107 < 0.617

Timeline

Published Dec 31, 2004

Tracked Since Feb 18, 2026