Lucene search

[email protected]CVE-2008-5677

HistoryDec 19, 2008 - 1:52 a.m.

CVE-2008-5677

2008-12-1901:52:58

CWE-20

[email protected]

web.nvd.nist.gov

cve-2008-5677

unrestricted file upload

kwalbum

remote code execution

vulnerability

security advisory

7.1 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:S/C:C/I:C/A:C

7.3 High

AI Score

Confidence

High

0.015 Low

EPSS

Percentile

86.8%

JSON

Unrestricted file upload vulnerability in Kwalbum 2.0.4, 2.0.2, and earlier, when PICS_PATH is located in the web root, allows remote authenticated users with upload capability to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file under items/, related to the ReplaceBadFilenameChars function in include/ItemAdder.php. NOTE: some of these details are obtained from third party information.

Affected configurations

NVD

Node

kwalbumkwalbumRange≤2.0.2

kwalbumkwalbumMatch0.5.1

kwalbumkwalbumMatch0.5.2

kwalbumkwalbumMatch0.5.3

kwalbumkwalbumMatch0.5.4

kwalbumkwalbumMatch0.5.6

kwalbumkwalbumMatch0.5.7

kwalbumkwalbumMatch0.5.8

kwalbumkwalbumMatch0.5.9

kwalbumkwalbumMatch0.5.10

kwalbumkwalbumMatch0.5.11

kwalbumkwalbumMatch0.5.12

kwalbumkwalbumMatch0.6.0

kwalbumkwalbumMatch0.6.1

kwalbumkwalbumMatch0.6.4

kwalbumkwalbumMatch0.6.5

kwalbumkwalbumMatch0.6.6

kwalbumkwalbumMatch0.6.7

kwalbumkwalbumMatch0.6.8

kwalbumkwalbumMatch0.6.9

kwalbumkwalbumMatch0.6.10

kwalbumkwalbumMatch0.6.11

kwalbumkwalbumMatch0.6.12

kwalbumkwalbumMatch0.6.13

kwalbumkwalbumMatch0.6.14

kwalbumkwalbumMatch0.6.15

kwalbumkwalbumMatch0.6.16

kwalbumkwalbumMatch0.7.0

kwalbumkwalbumMatch0.7.1

kwalbumkwalbumMatch0.8.0

kwalbumkwalbumMatch0.9.0

kwalbumkwalbumMatch0.9.1

kwalbumkwalbumMatch0.9.2

kwalbumkwalbumMatch0.9.3

kwalbumkwalbumMatch0.9.4

kwalbumkwalbumMatch1.0

kwalbumkwalbumMatch2.0

kwalbumkwalbumMatch2.0.1

kwalbumkwalbumMatch2.0.4

CPENameOperatorVersion
kwalbum:kwalbumkwalbumle2.0.2
kwalbum:kwalbumkwalbumeq0.5.1
kwalbum:kwalbumkwalbumeq0.5.2
kwalbum:kwalbumkwalbumeq0.5.3
kwalbum:kwalbumkwalbumeq0.5.4
kwalbum:kwalbumkwalbumeq0.5.6
kwalbum:kwalbumkwalbumeq0.5.7
kwalbum:kwalbumkwalbumeq0.5.8
kwalbum:kwalbumkwalbumeq0.5.9
kwalbum:kwalbumkwalbumeq0.5.10

CPE	Name	Operator	Version
kwalbum:kwalbum	kwalbum	le	2.0.2
kwalbum:kwalbum	kwalbum	eq	0.5.1
kwalbum:kwalbum	kwalbum	eq	0.5.2
kwalbum:kwalbum	kwalbum	eq	0.5.3
kwalbum:kwalbum	kwalbum	eq	0.5.4
kwalbum:kwalbum	kwalbum	eq	0.5.6
kwalbum:kwalbum	kwalbum	eq	0.5.7
kwalbum:kwalbum	kwalbum	eq	0.5.8
kwalbum:kwalbum	kwalbum	eq	0.5.9
kwalbum:kwalbum	kwalbum	eq	0.5.10

Rows per page:

1-10 of 391

References

secunia.com/advisories/32145

securityreason.com/securityalert/4789

www.securityfocus.com/bid/31568

exchange.xforce.ibmcloud.com/vulnerabilities/45655

www.exploit-db.com/exploits/6664

7.1 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:S/C:C/I:C/A:C

7.3 High

AI Score

Confidence

High

0.015 Low

EPSS

Percentile

86.8%

JSON

Related for CVE-2008-5677

cvelist1 nvd1 prion1