CVE-2008-5677
Published 2008-12-19
Priority P3 (37) · high · 7.1 CVSS 2.0
Vector: AV:N/AC:H/Au:S/C:C/I:C/A:C
EXPLOIT
EPSS: 4.13% (89.5th percentile)
Unrestricted file upload vulnerability in Kwalbum 2.0.4, 2.0.2, and earlier, when PICS_PATH is located in the web root, allows remote authenticated users with upload capability to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file under items/, related to the ReplaceBadFilenameChars function in include/ItemAdder.php. NOTE: some of these details are obtained from third party information.
Affected
39 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| kwalbum | kwalbum | <= 2.0.2 | — |
http://secunia.com/advisories/32145
http://securityreason.com/securityalert/4789
http://www.securityfocus.com/bid/31568
https://exchange.xforce.ibmcloud.com/vulnerabilities/45655
https://www.exploit-db.com/exploits/6664