Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Uber Uploader Subscribe
Filtered by product Uber Uploader
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2007-0123 1 Uber Uploader 1 Uber Uploader 2018-10-16 6.8 MEDIUM N/A
Unrestricted file upload vulnerability in Uber Uploader 4.2 allows remote attackers to upload and execute arbitrary PHP scripts by naming them with a .phtml extension, which bypasses the .php extension check but is still executable on some server configurations.
CVE-2007-6676 1 Uber Uploader 1 Uber Uploader 2018-10-15 5.0 MEDIUM N/A
The default configuration of Uber Uploader (UU) 5.3.6 and earlier does not block uploads of (1) .html, (2) .asp, and other possibly dangerous extensions, which allows remote attackers to use these extensions in uploads via (a) uu_file_upload.php, related to uu_file_upload.js and (b) uber_uploader_file.php, related to uber_uploader_file.js, a different issue than CVE-2007-0123. NOTE: the vendor disputes the severity of the issue, noting that it is the administrator's responsibility to "add file extensions that you may or may not want uploaded."