CVE-2007-5156

Name: CVE-2007-5156
Creator: NVD / NIST
Published: 2007-10-01T05:17:00+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 8.00%

Last modified Jun 16, 2026

CVE-2007-5156 is a vulnerability of currently unknown severity. Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.. EPSS estimates a 8.00% chance of exploitation in the next 30 days.

Description

Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.

Metrics

EPSS Probability

8.00%

94.0th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

Vendor	Product	Versions	Update
Cardinal Cms Project	Cardinal Cms	1.2	—
Redlinesoft	Lanai Cms	<= 1.2.16	—
Sitex Cms Project	Sitex Cms	0.7.3	Beta
Syntax Cms Project	Syntax Cms	<= 1.3	—

References

http://dev.fckeditor.net/changeset/973Vendor Advisory
http://dev.fckeditor.net/ticket/1325Vendor Advisory
http://downloads.securityfocus.com/vulnerabilities/exploits/30677.phpBroken Link
http://secunia.com/advisories/27123Third Party Advisory
http://secunia.com/advisories/27174Third Party Advisory
http://securityreason.com/securityalert/3182Exploit, Third Party Advisory
http://sourceforge.net/forum/forum.php?forum_id=743930Broken Link
http://sourceforge.net/project/shownotes.php?release_id=546000Broken Link
http://www.securityfocus.com/archive/1/480830/100/0/threadedExploit, Third Party Advisory, VDB Entry
http://www.securityfocus.com/bid/29422Third Party Advisory, VDB Entry
http://www.securityfocus.com/bid/30677Third Party Advisory, VDB Entry
http://www.vupen.com/english/advisories/2007/3464Third Party Advisory
http://www.vupen.com/english/advisories/2007/3465Third Party Advisory
http://www.waraxe.us/advisory-57.htmlExploit, Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/42425Third Party Advisory, VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/42733Third Party Advisory, VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/44455Third Party Advisory, VDB Entry
https://www.exploit-db.com/exploits/5618Exploit, Third Party Advisory, VDB Entry
https://www.exploit-db.com/exploits/5688Exploit, Third Party Advisory, VDB Entry
http://dev.fckeditor.net/changeset/973Vendor Advisory
http://dev.fckeditor.net/ticket/1325Vendor Advisory
http://downloads.securityfocus.com/vulnerabilities/exploits/30677.phpBroken Link
http://secunia.com/advisories/27123Third Party Advisory
http://secunia.com/advisories/27174Third Party Advisory
http://securityreason.com/securityalert/3182Exploit, Third Party Advisory
http://sourceforge.net/forum/forum.php?forum_id=743930Broken Link
http://sourceforge.net/project/shownotes.php?release_id=546000Broken Link
http://www.securityfocus.com/archive/1/480830/100/0/threadedExploit, Third Party Advisory, VDB Entry
http://www.securityfocus.com/bid/29422Third Party Advisory, VDB Entry
http://www.securityfocus.com/bid/30677Third Party Advisory, VDB Entry
http://www.vupen.com/english/advisories/2007/3464Third Party Advisory
http://www.vupen.com/english/advisories/2007/3465Third Party Advisory
http://www.waraxe.us/advisory-57.htmlExploit, Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/42425Third Party Advisory, VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/42733Third Party Advisory, VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/44455Third Party Advisory, VDB Entry
https://www.exploit-db.com/exploits/5618Exploit, Third Party Advisory, VDB Entry
https://www.exploit-db.com/exploits/5688Exploit, Third Party Advisory, VDB Entry

Timeline

Published: Oct 1, 2007
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2007-5156?

How severe is CVE-2007-5156?

Severity scoring for CVE-2007-5156 is pending analysis. The EPSS model estimates a 8.00% probability of exploitation in the next 30 days.

How do I fix CVE-2007-5156?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2007-5156?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST