Lucene search

[email protected]CVE-2008-6731

HistoryApr 20, 2009 - 2:30 p.m.

CVE-2008-6731

2009-04-2014:30:00

CWE-20

[email protected]

web.nvd.nist.gov

cve-2008-6731

remote attackers

arbitrary php code

file upload

executable extension

security vulnerability

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.9 High

AI Score

Confidence

Low

0.054 Low

EPSS

Percentile

93.2%

JSON

Unrestricted file upload vulnerability in submitlink.php in FlexPHPLink Pro 0.0.7 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the renamed file in linkphoto/.

Affected configurations

NVD

Node

china-on-siteflexphplinkMatch0.0.7pro

CPENameOperatorVersion
china-on-site:flexphplinkchina-on-site flexphplinkeq0.0.7

CPE	Name	Operator	Version
china-on-site:flexphplink	china-on-site flexphplink	eq	0.0.7

References

secunia.com/advisories/33343

www.osvdb.org/53187

www.securityfocus.com/bid/33034

exchange.xforce.ibmcloud.com/vulnerabilities/47614

www.exploit-db.com/exploits/7600

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.9 High

AI Score

Confidence

Low

0.054 Low

EPSS

Percentile

93.2%

JSON

Related for CVE-2008-6731

nvd1 prion1 cvelist1