CVE-2007-6479

Published: Dec 20, 2007Modified: Apr 23, 2026

4.9

Vector

AV:N/AC:M/Au:S/C:P/I:P/A:N

Exploitability: 6.8 / Impact: 4.9

Source: NVD

Description

Unrestricted file upload vulnerability in the "My productions" component for main/auth/profile.php (aka the "My profile" page) in Dokeos 1.8.4 allows remote authenticated users to upload and execute arbitrary PHP files via a filename with a double extension, which can then be accessed through a URI under main/upload/users/.

Affected (1)

Products: Dokeos: Dokeos

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Dokeos Dokeos	Version 1.8.4

Related CWEs

References (8)

http://secunia.com/advisories/28154

Source: cve@mitre.org

Vendor Advisory

http://www.securityfocus.com/bid/26940

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/39148

Source: cve@mitre.org

https://www.exploit-db.com/exploits/4753

Source: cve@mitre.org

http://secunia.com/advisories/28154

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/26940

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/39148

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.exploit-db.com/exploits/4753

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.