{"vuid":"VU#914793","idnumber":"914793","name":"PhpWiki fails to properly restrict uploaded files","keywords":["PhpWiki","remote code execution","port 8081","UpLoad.php","php3","php4"],"overview":"PhpWiki fails to properly restrict uploaded files, which can allow a remote attacker to execute arbitrary commands on a vulnerable system.","clean_desc":"PhpWiki is Wiki software that is implemented in PHP. PhpWiki includes an \"UpLoad\" feature that allows users to upload files. Files with a .php extension are not permitted, however other extensions are allowed. This can allow an attacker to upload a file that can be processed by PHP on the PhpWiki server. Note that this vulnerability is being actively exploited.","impact":"A remote attacker may be able to execute arbitrary PHP code on a vulnerable server. This can allow arbitrary command execution on the system.","resolution":"We are currently unaware of a practical solution to this problem.","workarounds":"Disallow uploads PhpWiki can be configured to disallow uploads by moving or removing lib/plugin/UpLoad.php. Restrict uploads of PHP files This vulnerability can be mitigated by restricting the ability to upload PHP files. This can be accomplished by adding the following lines to the list of disallowed extensions: .php\n.phtml\n.php3\n.php4\n.php5\nNote that this list may not be exhaustive. Other web server and PHP configurations may allow other file extensions to be processed by PHP.","sysaffected":"","thanks":"Thanks to Reini Urban  for reporting this vulnerability.","author":"This document was written by Will Dormann.","public":["http://www.nabble.com/Important-UpLoad-security-fix!-was--Fwd:--phpwiki---Open-Discussion--RE:-upload-security-risk--t3543463.html","http://secunia.com/advisories/24888/"],"cveids":["CVE-2007-2024"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2007-04-12T15:42:46Z","publicdate":"2007-04-08T00:00:00Z","datefirstpublished":"2007-04-12T20:07:32Z","dateupdated":"2007-04-13T14:47:41Z","revision":9,"vrda_d1_directreport":"1","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"13","cam_exploitation":"14","cam_internetinfrastructure":"12","cam_population":"6","cam_impact":"17","cam_easeofexploitation":"19","cam_attackeraccessrequired":"13","cam_scorecurrent":"18.4231125","cam_scorecurrentwidelyknown":"21.729825","cam_scorecurrentwidelyknownexploited":"24.56415","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":18.4231125,"vulnote":null}