CVE-2008-0251
published 2008-01-12CVE-2008-0251: Unrestricted file upload vulnerability in PhotoPost vBGallery before 2.4.2 allows remote attackers to upload and execute arbitrary files via unknown vectors.
PriorityP261critical10CVSS 2.0
AVNACLAuNCCICAC
EXPLOIT
EPSS
3.54%
87.8th percentile
Unrestricted file upload vulnerability in PhotoPost vBGallery before 2.4.2 allows remote attackers to upload and execute arbitrary files via unknown vectors.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| photopost | photopost_vbgallery | <= 2.4.1 | — |
| photopost | photopost_vbgallery | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Malicious file uploads exploit a double-extension bypass (e.g., .php.wmv) to disguise PHP webshells as media files. Detect uploads to the vBGallery upload endpoint where the filename contains a PHP-related extension followed by a media extension. ↗
- →Uploaded webshells are stored under the authenticated user's numeric account folder within the gallery files directory. Monitor for PHP file execution from paths matching the pattern /$gallery_path/files/<digits>/ ↗
- →For users with multi-digit account numbers, the upload path is split digit-by-digit into subdirectories (e.g., user 12345 → /files/1/2/3/4/5/). Monitor for deeply nested numeric directory structures under the gallery files path containing double-extension files. ↗
- →Exploitation requires an authenticated forum user account. Correlate suspicious file uploads with newly registered or low-activity user accounts. ↗
- ·The vulnerability affects PhotoPost vBGallery versions before 2.4.2. The gallery path ($gallery_path) is installation-specific and must be determined per deployment to construct accurate detection rules. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-55cc-3mpm-mx3g: Unrestricted file upload vulnerability in upload
ghsa_unreviewed·2022-05-17·CVSS 10.0
CVE-2008-7088 [CRITICAL] CWE-20 GHSA-55cc-3mpm-mx3g: Unrestricted file upload vulnerability in upload
Unrestricted file upload vulnerability in upload.php in PhotoPost vBGallery 2.4.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in a certain path. NOTE: this may be the same vulnerability as CVE-2008-0251, but this is not clear due to lack of details from the vendor.
GHSA
GHSA-xrg5-2wx9-gc8m: Unrestricted file upload vulnerability in PhotoPost vBGallery before 2
ghsa_unreviewed·2022-05-01
CVE-2008-0251 [HIGH] CWE-20 GHSA-xrg5-2wx9-gc8m: Unrestricted file upload vulnerability in PhotoPost vBGallery before 2
Unrestricted file upload vulnerability in PhotoPost vBGallery before 2.4.2 allows remote attackers to upload and execute arbitrary files via unknown vectors.
No detection rules found.
No writeups or analysis indexed.
http://secunia.com/advisories/28430http://www.photopost.com/forum/showthread.php?t=134909http://www.photopost.com/forum/showthread.php?t=134910https://exchange.xforce.ibmcloud.com/vulnerabilities/39621http://secunia.com/advisories/28430http://www.photopost.com/forum/showthread.php?t=134909http://www.photopost.com/forum/showthread.php?t=134910https://exchange.xforce.ibmcloud.com/vulnerabilities/39621
2008-01-12
Published