Lucene search

[email protected]CVE-2008-7076

HistoryAug 25, 2009 - 10:30 a.m.

CVE-2008-7076

2009-08-2510:30:00

CWE-264

[email protected]

web.nvd.nist.gov

cve-2008-7076

file upload

vulnerability

kalptaru infotech ltd.

star articles 6.0

remote code execution

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

7.5 High

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

81.3%

JSON

Unrestricted file upload vulnerability in user.modify.profile.php in Kalptaru Infotech Ltd. Star Articles 6.0 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a profile photo, then accessing it via a direct request to the file in authorphoto/.

Affected configurations

NVD

Node

kalptaru_infotechstararticlesMatch6.0

CPENameOperatorVersion
kalptaru_infotech:stararticleskalptaru infotech stararticleseq6.0

CPE	Name	Operator	Version
kalptaru_infotech:stararticles	kalptaru infotech stararticles	eq	6.0

References

osvdb.org/50459

secunia.com/advisories/32887

www.securityfocus.com/bid/32509

exchange.xforce.ibmcloud.com/vulnerabilities/46982

www.exploit-db.com/exploits/7251

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

7.5 High

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

81.3%

JSON

Related for CVE-2008-7076

prion1 cvelist1 nvd1