CVE-2008-0251
published 2008-01-12

CVE-2008-0251: Unrestricted file upload vulnerability in PhotoPost vBGallery before 2.4.2 allows remote attackers to upload and execute arbitrary files via unknown vectors.

Priority: P2 · 61 · critical
CVSS 2.0: 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploit: EXPLOIT (public exploit flagged)
EPSS: 3.54% (87.8th percentile)

Affected (2 ranges)

Vendor      Product               Version range   Fixed in
photopost   photopost_vbgallery   <= 2.4.1        
photopost   photopost_vbgallery                   

Detection & IOCs (extracted from sources)

path: /$gallery_path/upload.php
path: /$gallery_path/files/
filename: $name.php.wmv
  • Malicious file uploads exploit a double-extension bypass (e.g., .php.wmv) to disguise PHP webshells as media files. Detect uploads to the vBGallery upload endpoint where the filename contains a PHP-related extension followed by a media extension.
  • Uploaded webshells are stored under the authenticated user's numeric account folder within the gallery files directory. Monitor for PHP file execution from paths matching the pattern /$gallery_path/files/<digits>/.
  • For users with multi-digit account numbers, the upload path is split digit-by-digit into subdirectories (e.g., user 12345 → /files/1/2/3/4/5/). Monitor for deeply nested numeric directory structures under the gallery files path containing double-extension files.
  • Exploitation requires an authenticated forum user account. Correlate suspicious file uploads with newly registered or low-activity user accounts.
  • The vulnerability affects PhotoPost vBGallery versions before 2.4.2. The gallery path ($gallery_path) is installation-specific and must be determined per deployment to construct accurate detection rules.
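The detection points above (uploads to the gallery upload endpoint, execution of double-extension files under the numeric account folder, and recovery of the account number for correlation) can be run over web server access logs. The script below is an added example, not code from the source or from PhotoPost; it assumes combined-format logs, a gallery prefix of /gallery standing in for the installation-specific $gallery_path, and a small set of PHP-related and media extensions that you would adjust to your own handler configuration. The log lines are constructed for the example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Assumption: the gallery is served under this URL prefix. $gallery_path is
# installation-specific, so a real deployment substitutes its own value.
GALLERY_PATH = "/gallery"

# Double-extension IOC from the advisory: a PHP-related extension followed by a
# media extension (e.g. name.php.wmv). Both extension lists are assumptions;
# extend them to match what the local web server actually hands to the PHP handler.
PHP_EXTS = r"(?:php|phtml|php5)"
MEDIA_EXTS = r"(?:wmv|avi|mpg|mpeg|mov|mp4|jpg|jpeg|gif|png)"

# Apache/nginx combined log format; the constructed sample lines below use it.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


def build_files_re(gallery_path: str) -> "re.Pattern[str]":
    """Match a stored file under <gallery>/files/<digits>/... whose name ends in
    .php.<media>. The account folder is either one numeric directory
    (user 42 -> /files/42/) or the id split digit-by-digit
    (user 12345 -> /files/1/2/3/4/5/); (?:\\d+/)+ covers both layouts."""
    prefix = re.escape(gallery_path.rstrip("/"))
    return re.compile(
        rf"^{prefix}/files/(?P<dirs>(?:\d+/)+)[^/]+\.{PHP_EXTS}\.{MEDIA_EXTS}$",
        re.IGNORECASE,
    )


@dataclass
class Finding:
    kind: str               # "gallery_upload" or "double_extension_exec"
    ip: str
    path: str
    user_id: Optional[str]  # numeric account folder reconstructed from the path


def analyze(lines: List[str], gallery_path: str = GALLERY_PATH) -> List[Finding]:
    """Return one Finding per upload POST or per request to a double-extension
    file under the gallery files directory."""
    files_re = build_files_re(gallery_path)
    upload_path = gallery_path.rstrip("/") + "/upload.php"
    findings: List[Finding] = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip it
        path = m["target"].split("?", 1)[0]  # drop the query string before matching
        if m["method"] == "POST" and path == upload_path:
            findings.append(Finding("gallery_upload", m["ip"], path, None))
            continue
        fm = files_re.match(path)
        if fm:
            # Joining the numeric directory components recovers the account number
            # in both layouts; that is the value to correlate with registration data.
            user_id = "".join(fm["dirs"].split("/"))
            findings.append(Finding("double_extension_exec", m["ip"], path, user_id))
    return findings


# Constructed sample log lines (RFC 5737 documentation addresses).
SAMPLE_LOG = [
    '203.0.113.5 - - [12/Jan/2008:10:00:01 +0000] "POST /gallery/upload.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [12/Jan/2008:10:00:09 +0000] "GET /gallery/files/1/2/3/4/5/video.php.wmv HTTP/1.1" 200 84 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [12/Jan/2008:10:01:00 +0000] "GET /gallery/files/42/holiday.jpg HTTP/1.1" 200 20480 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [12/Jan/2008:10:02:00 +0000] "GET /gallery/files/7/clip.PHP.wmv HTTP/1.1" 200 91 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [12/Jan/2008:10:02:30 +0000] "GET /other/files/7/clip.php.wmv HTTP/1.1" 404 0 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [12/Jan/2008:10:03:00 +0000] "GET /gallery/files/abc/clip.php.wmv HTTP/1.1" 404 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"{f.kind:22} ip={f.ip:13} user={f.user_id} path={f.path}")
```

On the sample input this reports the upload POST from 203.0.113.5 and two double-extension requests, attributing them to account folders 12345 and 7; the request under a different prefix and the one with a non-numeric folder are ignored. Because the gallery prefix is a parameter, the same rule can be reused per installation once $gallery_path is known.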