CVE-2008-5220
published 2008-11-25CVE-2008-5220: Unrestricted file upload vulnerability in admin/upload_form.php in wPortfolio 0.3 and earlier allows remote attackers to execute arbitrary code by uploading a…
PriorityP261critical10CVSS 2.0
AVNACLAuNCCICAC
EXPLOIT
EPSS
14.29%
96.2th percentile
Unrestricted file upload vulnerability in admin/upload_form.php in wPortfolio 0.3 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in admin/tmp/.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wportfolio | wportfolio | <= 0.3 | — |
| wportfolio | wportfolio | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor for multipart/form-data POST requests to admin/upload_form.php containing files with executable extensions (e.g., .php, .php3, .phtml, .pl, .cgi). ↗
- →Alert on direct HTTP GET requests to admin/tmp/ following a POST to admin/upload_form.php, which indicates an attacker attempting to execute an uploaded webshell. ↗
- →The exploit POSTs a file via the 'file_to_upload' form field to the target upload endpoint; detect this field name in multipart POST bodies to admin/upload_form.php. ↗
- ·The vulnerability affects wPortfolio version 0.3 and earlier only; verify the installed version before applying detections to avoid false positives on patched or unrelated installations. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
http://www.securityfocus.com/bid/32367http://www.vupen.com/english/advisories/2008/3219https://exchange.xforce.ibmcloud.com/vulnerabilities/46745https://www.exploit-db.com/exploits/7165http://www.securityfocus.com/bid/32367http://www.vupen.com/english/advisories/2008/3219https://exchange.xforce.ibmcloud.com/vulnerabilities/46745https://www.exploit-db.com/exploits/7165
2008-11-25
Published