Unrestricted File Upload in Pluxml Affects Multiple PHP Systems
CVE-2007-3432

Currently unrated

Key Information:

Vendor: Pluxml
Status: Pluxml
Vendor: CVE Published:; 27 June 2007

What is CVE-2007-3432?

The unrestricted file upload vulnerability in Pluxml 0.3.1 allows remote attackers to exploit the admin/images.php script, enabling them to upload and execute arbitrary PHP code disguised as .jpg files. This critical flaw poses a significant risk to system integrity as it can lead to unauthorized access and compromise of the web application. Organizations using this version should implement immediate measures to address this vulnerability.

References

http://www.securityfocus.com/archive/1/472205/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://osvdb.org/42420

vdb-entryx_refsource_OSVDB

https://www.exploit-db.com/exploits/4096

exploitx_refsource_EXPLOIT-DB

EPSS Score

6% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jun 27, 2007
Vulnerability Reserved
Jun 26, 2007

JSON