Lucene search

[email protected]NVD:CVE-2008-6684

HistoryApr 10, 2009 - 10:00 p.m.

CVE-2008-6684

2009-04-1022:00:00

CWE-20

[email protected]

web.nvd.nist.gov

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.7

Confidence

Low

EPSS

0.013

Percentile

85.9%

JSON

Unrestricted file upload vulnerability in editimage.php in Apartment Search Script allows remote attackers to execute arbitrary code by uploading a file with an executable extension and a GIF header, then accessing this file via a direct request to a renamed file in Member_Admin/logo/.

Affected configurations

Nvd

Node

yourfreeworldapartment_search_script

VendorProductVersionCPE
yourfreeworldapartment_search_script*cpe:2.3:a:yourfreeworld:apartment_search_script:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
yourfreeworld	apartment_search_script	*	cpe:2.3:a:yourfreeworld:apartment_search_script::::::::

References

www.securityfocus.com/bid/32065

exchange.xforce.ibmcloud.com/vulnerabilities/46283

www.exploit-db.com/exploits/6956

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.7

Confidence

Low

EPSS

0.013

Percentile

85.9%

JSON

Related for NVD:CVE-2008-6684

cvelist1 cve1 prion1