Lucene search

[email protected]CVE-2008-4366

HistorySep 30, 2008 - 11:24 p.m.

CVE-2008-4366

2008-09-3023:24:53

CWE-20

[email protected]

web.nvd.nist.gov

cve-2008-4366

unrestricted file upload

image upload component

execute arbitrary code

remote authenticated users

security vulnerability

camera life 2.6.2b4

nvd

7.3 High

AI Score

Confidence

High

6.5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.013 Low

EPSS

Percentile

86.0%

JSON

Unrestricted file upload vulnerability in the image upload component in Camera Life 2.6.2b4 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in a user directory under images/photos/upload.

Affected configurations

NVD

Node

camera_lifecamera_lifeMatch2.6.2b4

CPENameOperatorVersion
camera_life:camera_lifecamera lifeeq2.6.2b4

CPE	Name	Operator	Version
camera_life:camera_life	camera life	eq	2.6.2b4

References

securityreason.com/securityalert/4344

www.securityfocus.com/bid/31456

exchange.xforce.ibmcloud.com/vulnerabilities/45492

www.exploit-db.com/exploits/6594

7.3 High

AI Score

Confidence

High

6.5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.013 Low

EPSS

Percentile

86.0%

JSON

Related for CVE-2008-4366

prion1 cvelist1 nvd1