CyberSec.Space Logo
Back to CVE Browser

CVE-2008-4428

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1210%
EPSS Percentile39.64th
PublishedOct 3, 2008
Last ModifiedApr 23, 2026

Vulnerability Description

Unrestricted file upload vulnerability in upload.php in Phlatline's Personal Information Manager (pPIM) 1.0 and earlier allows remote attackers to execute arbitrary code by uploading a .php file, then accessing it via a direct request to the file in the top-level directory.

Affected Platforms (CPE)

πŸ“¦
Phlatline

Personal Information Manager

<= 1.0

References & Advisories

πŸ”— http://secunia.com/advisories/31424
πŸ”— http://securityreason.com/securityalert/4349
πŸ”— http://www.securityfocus.com/bid/30627
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/44390
πŸ”— https://www.exploit-db.com/exploits/6231
πŸ”— http://secunia.com/advisories/31424
πŸ”— http://securityreason.com/securityalert/4349
πŸ”— http://www.securityfocus.com/bid/30627

Related Vulnerabilities

CVE-2019-111969.8

An authentication bypass vulnerability in all versions of ValuePLUS Integrated University Management System (IUMS) allows unauthen...

CVE-2016-06358.8

Unspecified vulnerability in the Enterprise Manager Ops Center component in Oracle Enterprise Manager Grid Control 12.1.4, 12.2.2,...

CVE-2008-44258.8

Directory traversal vulnerability in upload.php in Phlatline's Personal Information Manager (pPIM) 1.0 allows remote attackers to ...

CVE-2025-119598.1

Files or Directories Accessible to External Parties, Exposure of Private Personal Information to an Unauthorized Actor vulnerabili...