Lucene search

[email protected]CVE-2008-0632

HistoryFeb 06, 2008 - 9:00 p.m.

CVE-2008-0632

2008-02-0621:00:00

CWE-264

[email protected]

web.nvd.nist.gov

cve-2008-0632

file upload

vulnerability

lightblog 9.5

remote code execution

nvd

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.7 High

AI Score

Confidence

High

0.068 Low

EPSS

Percentile

93.9%

JSON

Unrestricted file upload vulnerability in cp_upload_image.php in LightBlog 9.5 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the blog’s root directory.

Affected configurations

NVD

Node

lightbloglightblogMatch9.5

CPENameOperatorVersion
lightblog:lightbloglightblogeq9.5

CPE	Name	Operator	Version
lightblog:lightblog	lightblog	eq	9.5

References

omni.netsons.org/blog/?p=11

secunia.com/advisories/28734

securityreason.com/securityalert/3617

www.securityfocus.com/archive/1/487398/100/0/threaded

www.securityfocus.com/bid/27562

www.exploit-db.com/exploits/5033

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.7 High

AI Score

Confidence

High

0.068 Low

EPSS

Percentile

93.9%

JSON

Related for CVE-2008-0632

prion1 cvelist1 nvd1