CVE-2008-5220
published 2008-11-25

Priority: P2 (61) · Severity: critical · CVSS 2.0: 10
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 14.29% (96.2th percentile)

Unrestricted file upload vulnerability in admin/upload_form.php in wPortfolio 0.3 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in admin/tmp/.

Affected

2 ranges
| Vendor | Product | Version range | Fixed in |
| --- | --- | --- | --- |
| wportfolio | wportfolio | <= 0.3 | |
| wportfolio | wportfolio | | |

Detection & IOCs

path: admin/upload_form.php
path: admin/tmp/
  • Monitor for multipart/form-data POST requests to admin/upload_form.php containing files with executable extensions (e.g., .php, .php3, .phtml, .pl, .cgi).
  • Alert on direct HTTP GET requests to admin/tmp/ following a POST to admin/upload_form.php, which indicates an attacker attempting to execute an uploaded webshell.
  • The exploit POSTs a file via the 'file_to_upload' form field to the target upload endpoint; detect this field name in multipart POST bodies to admin/upload_form.php.
  • The vulnerability affects wPortfolio version 0.3 and earlier only; verify the installed version before applying detections to avoid false positives on patched or unrelated installations.
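
The correlation described in the bullets above, run over web server access logs. This is an added example, not part of the original advisory or of wPortfolio. The log lines are constructed, and the /wportfolio/ install prefix, the 15-minute window and the rule names are assumptions. Access logs do not record multipart bodies, so the file_to_upload field and the uploaded filename are not visible here; the check works on request lines only.

```python
import re
from datetime import datetime, timedelta
from urllib.parse import unquote

# Constructed sample lines in Apache combined log format; not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [25/Nov/2008:10:00:01 +0000] "POST /wportfolio/admin/upload_form.php HTTP/1.1" 200 512 "-" "curl"
203.0.113.7 - - [25/Nov/2008:10:00:05 +0000] "GET /wportfolio/admin/tmp/x.php HTTP/1.1" 200 40 "-" "curl"
198.51.100.9 - - [25/Nov/2008:10:01:00 +0000] "POST /wportfolio/admin/upload_form.php HTTP/1.1" 200 512 "-" "Mozilla"
198.51.100.9 - - [25/Nov/2008:10:01:09 +0000] "GET /wportfolio/admin/tmp/photo.jpg HTTP/1.1" 200 9000 "-" "Mozilla"
192.0.2.44 - - [25/Nov/2008:10:02:00 +0000] "GET /wportfolio/admin/tmp/old.phtml?c=1 HTTP/1.1" 404 0 "-" "scanner"
203.0.113.7 - - [25/Nov/2008:11:30:00 +0000] "GET /wportfolio/admin/tmp/x.php HTTP/1.1" 200 40 "-" "curl"
"""

LINE_RE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3})')
EXEC_EXT = (".php", ".php3", ".phtml", ".pl", ".cgi")  # extensions listed on the page
WINDOW = timedelta(minutes=15)  # assumed correlation window; tune per environment


def detect(log_text, window=WINDOW):
    """Return (rule, client_ip, path, status) for requests to executable files in admin/tmp/."""
    last_upload = {}  # client ip -> time of its latest POST to the upload form
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        # Drop the query string, decode percent-encoding, ignore case.
        path = unquote(m["url"].split("?", 1)[0]).lower()
        if m["method"] == "POST" and path.endswith("admin/upload_form.php"):
            last_upload[m["ip"]] = ts
        elif "/admin/tmp/" in path and path.endswith(EXEC_EXT):
            up = last_upload.get(m["ip"])
            # High confidence when the same client uploaded shortly before.
            correlated = up is not None and ts - up <= window
            rule = "upload-then-execute" if correlated else "exec-ext-in-tmp"
            findings.append((rule, m["ip"], path, int(m["status"])))
    return findings


if __name__ == "__main__":
    for finding in detect(SAMPLE_LOG):
        print(finding)
```

A 200 status on either rule means the file exists and was served, which warrants checking the contents of admin/tmp/ on disk.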