{
  "id": "CVE-2007-0764",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2007-02-06T02:28:00.000",
  "lastModified": "2017-10-19T01:30:04.613",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unrestricted file upload vulnerability in F3Site 2.1 and earlier allows remote authenticated administrators to upload and execute arbitrary PHP scripts via GIF86 header in a file in the uplf parameter, which can be later accessed via a relative pathname in the dir parameter in adm.php."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de env\u00edo de archivos no restringido en F3Site 2.1 y anteriores permite a administradores autenticados remotamente enviar y ejecutar secuencias de comandos PHP de su elecci\u00f3n mediante la cabecera GIF86 en un archivo en el par\u00e1metro uplf, que puede ser accedido m\u00e1s tarde mediante un nombre de ruta relativo en el par\u00e1metro dir de adm.php."
    }
  ],
  "metrics": {
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "SINGLE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:f3site:f3site:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C63C8A03-34F1-442C-8073-5E7A75DF57F0"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "http://osvdb.org/34669",
      "source": "cve@mitre.org"
    },
    {
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32189",
      "source": "cve@mitre.org"
    },
    {
      "url": "https://www.exploit-db.com/exploits/3255",
      "source": "cve@mitre.org"
    }
  ]
}