Lucene search
MitreCVE-2008-6900HistoryAug 06, 2009 - 12:30 a.m.
CVE-2008-6900
2009-08-0600:30:00
CWE-94
mitre
web.nvd.nist.gov
25
cve-2008-6900
file upload vulnerability
availscript article script
remote code execution
nvd
CVSS2
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
AI Score
7.5
Confidence
Low
EPSS
0.007
Percentile
80.5%
Unrestricted file upload vulnerability in “Add Pen/Author Name” feature in addpen.php in AvailScript Article Script allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in photos/.
Affected configurations
Node
availscriptavailscript_article_script
| Vendor | Product | Version | CPE |
|---|---|---|---|
| availscript | availscript_article_script | * | cpe:2.3:a:availscript:availscript_article_script:*:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2008-6900
2009-08-06 00:00:00
prion
prion
Unrestricted file upload
2009-08-06 00:30:00
nvd
nvd
CVE-2008-6900
2009-08-06 00:30:00
exploitdb
exploitdb
AvailScript Article Script - Arbitrary File Upload
2008-12-14 00:00:00
CVSS2
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
AI Score
7.5
Confidence
Low
EPSS
0.007
Percentile
80.5%
Related for CVE-2008-6900