CVE-2007-5738 - Vulnerability Details - OpenCVE

The FlashUpload component in Korean GHBoard uses a client-side protection mechanism to prevent uploading of dangerous file extensions, which allows remote attackers to bypass restrictions and upload arbitrary files via a modified copy of component/flashupload/upload.html.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ghlab	Korean Ghboard

Configuration 1 [-]

cpe:2.3:a:ghlab:korean_ghboard:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://osvdb.org/38920
http://securityreason.com/securityalert/3325
http://www.securityfocus.com/archive/1/482687/100/0/threaded
http://www.securityfocus.com/bid/26182

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-10-30T23:00:00

Updated: 2024-08-07T15:39:13.693Z

Reserved: 2007-10-30T00:00:00

Link: CVE-2007-5738

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-10-30T23:46:00.000

Modified: 2024-11-21T00:38:35.207

Link: CVE-2007-5738

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-10-23T00:00:00", "descriptions": [{"lang": "en", "value": "The FlashUpload component in Korean GHBoard uses a client-side protection mechanism to prevent uploading of dangerous file extensions, which allows remote attackers to bypass restrictions and upload arbitrary files via a modified copy of component/flashupload/upload.html."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "26182", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/26182"}, {"name": "3325", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/3325"}, {"name": "20071023 Korean GHBoard Multiple Vulnerabilities by Xcross87", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/482687/100/0/threaded"}, {"name": "38920", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/38920"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-5738", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The FlashUpload component in Korean GHBoard uses a client-side protection mechanism to prevent uploading of dangerous file extensions, which allows remote attackers to bypass restrictions and upload arbitrary files via a modified copy of component/flashupload/upload.html."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "26182", "refsource": "BID", "url": "http://www.securityfocus.com/bid/26182"}, {"name": "3325", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3325"}, {"name": "20071023 Korean GHBoard Multiple Vulnerabilities by Xcross87", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/482687/100/0/threaded"}, {"name": "38920", "refsource": "OSVDB", "url": "http://osvdb.org/38920"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T15:39:13.693Z"}, "title": "CVE Program Container", "references": [{"name": "26182", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/26182"}, {"name": "3325", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/3325"}, {"name": "20071023 Korean GHBoard Multiple Vulnerabilities by Xcross87", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/482687/100/0/threaded"}, {"name": "38920", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/38920"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-5738", "datePublished": "2007-10-30T23:00:00", "dateReserved": "2007-10-30T00:00:00", "dateUpdated": "2024-08-07T15:39:13.693Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ghlab:korean_ghboard:*:*:*:*:*:*:*:*", "matchCriteriaId": "AA4F9618-9546-451F-A618-BEF6EB13473E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The FlashUpload component in Korean GHBoard uses a client-side protection mechanism to prevent uploading of dangerous file extensions, which allows remote attackers to bypass restrictions and upload arbitrary files via a modified copy of component/flashupload/upload.html."}, {"lang": "es", "value": "El componente FlashUpload en Korean GHBoard utiliza un mecanismo de protecci\u00f3n del lado del cliente en prevenir las actualizaciones de extensiones de archivos peligrosas, lo cual permite a atacantes remotos evitar las restricciones y actualizar archivos de su elecci\u00f3n a trav\u00e9s de la modificaci\u00f3n de una copia de component/flashupload/upload.html."}], "id": "CVE-2007-5738", "lastModified": "2024-11-21T00:38:35.207", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-10-30T23:46:00.000", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/38920"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/3325"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/482687/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/26182"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/38920"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/3325"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/482687/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/26182"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}