Unrated severityNVD Advisory· Published Mar 22, 2007· Updated Jun 16, 2026
CVE-2007-1604
CVE-2007-1604
Description
Multiple unrestricted file upload vulnerabilities in w-Agora (Web-Agora) allow remote attackers to upload and execute arbitrary PHP code (1) via a forum message with an attached file, which is stored under forums/hello/hello/notes/ or (2) by using browse_avatar.php to upload a file with a double extension, as demonstrated by .php.jpg.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
7News mentions
0No linked articles in our index yet.