3 matches found
CVE-2008-7157
Unrestricted file upload vulnerability in EkinBoard 1.1.0 and earlier allows remote attackers to execute arbitrary code by uploading an avatar file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in uploaded/avatars/...
CVE-2008-7156
EkinBoard 1.1.0 and earlier, when registerglobals is enabled, allows remote attackers to bypass authorization and gain administrator privileges by setting the groups parameter to 2, as demonstrated via backup.php...
CVE-2008-7157
Unrestricted file upload vulnerability in EkinBoard 1.1.0 and earlier allows remote attackers to execute arbitrary code by uploading an avatar file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in uploaded/avatars/...