CVE-2007-4026

N/A Unknown
Published: July 26, 2007 Modified: April 23, 2026
View on NVD

Description

epesi framework before 0.8.6 does not properly verify file extensions, which allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors involving the gallery images upload feature. NOTE: some of these details are obtained from third party information.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://osvdb.org/38600
Source: cve@mitre.org
http://secunia.com/advisories/26175
Source: cve@mitre.org
Vendor Advisory
http://sourceforge.net/project/shownotes.php?release_id=527102
Source: cve@mitre.org
https://exchange.xforce.ibmcloud.com/vulnerabilities/35596
Source: cve@mitre.org
http://osvdb.org/38600
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/26175
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://sourceforge.net/project/shownotes.php?release_id=527102
Source: af854a3a-2127-422b-91ae-364da2661108
https://exchange.xforce.ibmcloud.com/vulnerabilities/35596
Source: af854a3a-2127-422b-91ae-364da2661108

8 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
0.8%
75th percentile
Exploitation Status
Not in CISA KEV

Affected Vendors

telaxus_llc