Lucene search

[email protected]CVE-2008-1790

HistoryApr 15, 2008 - 5:05 p.m.

CVE-2008-1790

2008-04-1517:05:00

CWE-264

[email protected]

web.nvd.nist.gov

cve-2008-1790

file upload vulnerability

iscripts socialware

unrestricted file upload

remote exploitation

sql injection vulnerability

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

7.2 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

71.0%

JSON

Unrestricted file upload vulnerability in iScripts SocialWare allows remote authenticated administrators to upload arbitrary files via a crafted logo file in the “Manage Settings” functionality. NOTE: remote exploitation is facilitated by a separate SQL injection vulnerability.

Affected configurations

NVD

Node

iscriptssocialware

CPENameOperatorVersion
iscripts:socialwareiscripts socialwareeq*

CPE	Name	Operator	Version
iscripts:socialware	iscripts socialware	eq	*

References

secunia.com/advisories/29725

www.osvdb.org/44327

www.securityfocus.com/bid/28670

www.vupen.com/english/advisories/2008/1137/references

exchange.xforce.ibmcloud.com/vulnerabilities/41751

www.exploit-db.com/exploits/5402

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

7.2 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

71.0%

JSON

Related for CVE-2008-1790

prion1 nvd1 cvelist1