Vulnerability Details : CVE-2010-0996
Unrestricted file upload vulnerability in e107 before 0.7.20 allows remote authenticated users to execute arbitrary code by uploading a .php.filetypesphp file. NOTE: the vendor disputes the significance of this issue, noting that "an odd set of preferences and a missing file" are required.
Vulnerability category: Execute code
Exploit prediction scoring system (EPSS) score for CVE-2010-0996
Probability of exploitation activity in the next 30 days: 2.25%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 88 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2010-0996
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|
|
6.0
|
MEDIUM | AV:N/AC:M/Au:S/C:P/I:P/A:P |
6.8
|
6.4
|
nvd@nist.gov |
References for CVE-2010-0996
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/57932
e107 .php.filetypesphp extension file upload CVE-2010-0996 Vulnerability Report
-
http://e107.org/svn_changelog.php?version=0.7.20
Invalid page - e107 v2 Bootstrap CMS
-
http://www.securityfocus.com/archive/1/510805/100/0/threaded
SecurityFocus
-
http://www.securityfocus.com/bid/39540
e107 Avatar/Photograph Arbitrary File Upload Vulnerability
-
http://www.vupen.com/english/advisories/2010/0919
Webmail | OVH- OVHVendor Advisory
-
http://e107.org/comment.php?comment.news.864
Patch;Vendor Advisory
Products affected by CVE-2010-0996
- cpe:2.3:a:e107:e107:*:*:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:0.545:*:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:0.603:*:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:0.554:*:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:0.610:*:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:0.615:*:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:0.615a:*:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:0.611:*:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:0.612:*:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:0.613:*:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:0.614:*:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:0.616:*:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:0.607:*:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:0.608:*:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:0.600:*:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:0.601:*:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:0.602:*:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:0.609:*:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:0.617:*:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:5.04:*:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:0.604:*:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:5.05:*:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:5.1:*:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:0.605:*:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:0.606:*:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:5.21:*:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:0.6172:*:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:0.6171:*:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:0.6174:*:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:0.7:*:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:0.6173:*:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:0.6175:*:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:0.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:0.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:0.7.5:*:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:0.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:0.7.4:*:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:0.7.6:*:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:0.7.7:*:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:0.7.8:*:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:0.7.11:*:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:0.7.10:*:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:0.7.9:*:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:0.7.13:*:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:0.7.14:*:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:0.7.15:*:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:0.7.12:*:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:0.7.17:*:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:0.7.18:*:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:0.553:beta:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:5.4:beta2:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:5.4:beta1:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:0.551:beta:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:0.552:beta:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:5.4:beta4:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:5.4:beta3:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:0.547:beta:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:0.554:beta:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:0.555:beta:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:5.3:beta2:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:5.3:beta:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:0.7.16:*:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:0.548:beta:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:0.549:beta:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:5.4:beta6:*:*:*:*:*:*
- cpe:2.3:a:e107:e107:5.4:beta5:*:*:*:*:*:*