CVE-2007-6479 Information

Description

Unrestricted file upload vulnerability in the \My productions\ component for main/auth/profile.php (aka the \My profile\ page) in Dokeos 1.8.4 allows remote authenticated users to upload and execute arbitrary PHP files via a filename with a double extension which can then be accessed through a URI under main/upload/users/.

Reference

http://secunia.com/advisories/28154 http://www.securityfocus.com/bid/26940 https://exchange.xforce.ibmcloud.com/vulnerabilities/39148 https://www.exploit-db.com/exploits/4753