CVE-2007-4026

critical

Description

epesi framework before 0.8.6 does not properly verify file extensions, which allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors involving the gallery images upload feature. NOTE: some of these details are obtained from third party information.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/35596

http://sourceforge.net/project/shownotes.php?release_id=527102

http://secunia.com/advisories/26175

http://osvdb.org/38600

Details

Source: Mitre, NVD

Published: 2007-07-26

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.00548