Lucene search

[email protected]CVE-2008-4428

HistoryOct 03, 2008 - 10:22 p.m.

CVE-2008-4428

2008-10-0322:22:44

CWE-20

[email protected]

web.nvd.nist.gov

cve-2008-4428

unrestricted file upload

ppim

arbitrary code execution

upload.php

security vulnerability

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.7 High

AI Score

Confidence

High

0.045 Low

EPSS

Percentile

92.6%

JSON

Unrestricted file upload vulnerability in upload.php in Phlatline’s Personal Information Manager (pPIM) 1.0 and earlier allows remote attackers to execute arbitrary code by uploading a .php file, then accessing it via a direct request to the file in the top-level directory.

Affected configurations

NVD

Node

phlatlinepersonal_information_managerRange≤1.0

CPENameOperatorVersion
phlatline:personal_information_managerphlatline personal information managerle1.0

CPE	Name	Operator	Version
phlatline:personal_information_manager	phlatline personal information manager	le	1.0

References

secunia.com/advisories/31424

securityreason.com/securityalert/4349

www.securityfocus.com/bid/30627

exchange.xforce.ibmcloud.com/vulnerabilities/44390

www.exploit-db.com/exploits/6231

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.7 High

AI Score

Confidence

High

0.045 Low

EPSS

Percentile

92.6%

JSON

Related for CVE-2008-4428

cvelist1 nvd1 prion1