CVE-2007-0123 : Unrestricted file upload vulnerability in Uber Uploader 4.2 allows remote attack

Unrestricted file upload vulnerability in Uber Uploader 4.2 allows remote attackers to upload and execute arbitrary PHP scripts by naming them with a .phtml extension, which bypasses the .php extension check but is still executable on some server configurations.

Published 2007-01-09 02:28:00

Updated 2025-04-09 00:30:58

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2007-0123

Uber Uploader » Uber Uploader » Version: 4.2
cpe:2.3:a:uber_uploader:uber_uploader:4.2:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2007-0123

EPSS FAQ

0.28%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 48 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2007-0123

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
6.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P	8.6	6.4	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

References for CVE-2007-0123

Jump to

Vulnerability Details : CVE-2007-0123

Products affected by CVE-2007-0123

Exploit prediction scoring system (EPSS) score for CVE-2007-0123

CVSS scores for CVE-2007-0123

References for CVE-2007-0123