CVE-2007-2214 in DmCMSinfo

Summary

by MITRE

Unrestricted file upload vulnerability in includes/upload_file.php in DmCMS allows remote attackers to upload arbitrary PHP scripts by placing a script s contents in both the File2 and File3 parameters, and sending a ok.php?do=act Referer.

Be aware that VulDB is the high quality source for vulnerability data.

Analysis

by VulDB Data Team • 08/11/2017

The vulnerability identified as CVE-2007-2214 represents a critical unrestricted file upload flaw within the DmCMS content management system. This weakness resides in the includes/upload_file.php script which fails to properly validate file types and content before storing uploaded files on the server. The vulnerability is particularly dangerous because it allows remote attackers to execute arbitrary code by uploading malicious PHP scripts, effectively granting them full control over the affected web server. The attack vector specifically exploits the system's handling of File2 and File3 parameters, which are processed without adequate sanitization or type checking mechanisms.

The technical implementation of this vulnerability stems from insufficient input validation and improper file handling practices within the DmCMS application. When attackers submit files through the File2 and File3 parameters, the system does not verify the file extensions, MIME types, or actual content of the uploaded files. This lack of validation creates an opportunity for attackers to upload PHP web shells or other malicious scripts that can be executed directly by the web server. The additional requirement of sending a specific Referer header with the payload ok.php?do=act further demonstrates how the application's access control mechanisms are inadequate, as the system fails to properly authenticate or authorize file upload operations based on the request context.

The operational impact of this vulnerability is severe and multifaceted, affecting both the confidentiality and integrity of the affected system. Attackers who successfully exploit this vulnerability can gain persistent access to the web server, potentially leading to complete system compromise, data theft, and unauthorized access to sensitive information. The vulnerability also poses significant risks to the availability of services, as attackers can deploy malware or backdoors that may remain undetected for extended periods. From a security compliance standpoint, this vulnerability violates fundamental principles of secure coding practices and would likely result in failed security audits under standards such as iso/iec 27001 or pci dss requirements.

Organizations affected by this vulnerability should implement immediate mitigations including restricting file upload functionality to authenticated users only, implementing strict file type validation, and ensuring proper file extension filtering. The system should enforce content-based file validation rather than relying solely on file extensions, and all uploaded files should be stored in a non-executable directory with appropriate access controls. Additionally, the application should implement proper input sanitization and validation for all parameters, including the Referer header, to prevent manipulation of the upload process. This vulnerability aligns with CWE-434 which describes the weakness of unrestricted upload of file with dangerous type, and represents a clear violation of ATT&CK technique T1190 for "Exploit Public-Facing Application" and T1059 for "Command and Scripting Interpreter" through PHP script execution.

Reservation

04/24/2007

Disclosure

04/24/2007

Moderation

accepted

Entry

VDB-36374

CPE

ready

Exploit

Download

EPSS

0.01402

KEV

no

Activities

very low

Sources

Want to know what is going to be exploited?

We predict KEV entries!