Lucene search

[email protected]CVE-2008-1958

HistoryApr 25, 2008 - 7:05 p.m.

CVE-2008-1958

2008-04-2519:05:00

CWE-94

[email protected]

web.nvd.nist.gov

cve-2008-1958

file upload vulnerability

tr script news 2.1

remote code execution

nvd

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

7.3 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

78.2%

JSON

Unrestricted file upload vulnerability in the ajout_cat mode in admin/main.php in Tr Script News 2.1 allows remote authenticated users to execute arbitrary code by uploading a file with a .php extension.

Affected configurations

NVD

Node

easyscriptstr_script_newsMatch2.1

CPENameOperatorVersion
easyscripts:tr_script_newseasyscripts tr script newseq2.1

CPE	Name	Operator	Version
easyscripts:tr_script_news	easyscripts tr script news	eq	2.1

References

secunia.com/advisories/29814

exchange.xforce.ibmcloud.com/vulnerabilities/41953

www.exploit-db.com/exploits/5483

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

7.3 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

78.2%

JSON

Related for CVE-2008-1958

cvelist1 nvd1 prion1