Unrated severityNVD Advisory· Published Jan 8, 2008· Updated Apr 23, 2026

CVE-2007-6676

Description

The default configuration of Uber Uploader (UU) 5.3.6 and earlier does not block uploads of (1) .html, (2) .asp, and other possibly dangerous extensions, which allows remote attackers to use these extensions in uploads via (a) uu_file_upload.php, related to uu_file_upload.js and (b) uber_uploader_file.php, related to uber_uploader_file.js, a different issue than CVE-2007-0123. NOTE: the vendor disputes the severity of the issue, noting that it is the administrator's responsibility to "add file extensions that you may or may not want uploaded."

Affected products

Uber Uploader/Uber Uploader
cpe:2.3:a:uber_uploader:uber_uploader:*:*:*:*:*:*:*:*
Range: <=5.3.6

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

osvdb.org/43535nvd
securityreason.com/securityalert/3519nvd
www.securityfocus.com/archive/1/485235/100/100/threadednvd
www.securityfocus.com/archive/1/485290/100/100/threadednvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000