Description
Unrestricted file upload vulnerability in signup.php in e107 0.7.8 and earlier, when photograph upload is enabled, allows remote attackers to upload and execute arbitrary PHP code via a filename with a double extension such as .php.jpg.
Exploits (1)
References (5)
Core 5
Core References
Various Sources x_refsource_misc
http://www.g00ns-forum.net/showthread.php?t=9388
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/45426
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/24609
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/4099
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/35022
Scores
EPSS
0.0478
EPSS Percentile
89.5%
Details
Status
published
Products (9)
e107/e107
0.7
e107/e107
0.7.1
e107/e107
0.7.2
e107/e107
0.7.3
e107/e107
0.7.4
e107/e107
0.7.5
e107/e107
0.7.6
e107/e107
0.7.7
e107/e107
0.7.8
Published
Jun 27, 2007
Tracked Since
Feb 18, 2026