CVE-2008-2574

2008-06-0622:00:00

mitre

www.cve.org

7.7 High

AI Score

Confidence

High

0.089 Low

EPSS

Percentile

94.6%

JSON

Unrestricted file upload vulnerability in admin/Editor/imgupload.php in FlashBlog 0.31 beta allows remote attackers to execute arbitrary code by uploading a .php file, then accessing it via a direct request to the file in tus_imagenes/.

References

securityreason.com/securityalert/3928

www.dumenci.net/web-action/flashblog-beta0.31-remote-file-upload-vulnerability.html

www.flashblog.org

www.securityfocus.com/archive/1/492738/100/0/threaded

exchange.xforce.ibmcloud.com/vulnerabilities/42820

www.exploit-db.com/exploits/5728