CyberSec.Space Logo
Back to CVE Browser

CVE-2008-4509

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1780%
EPSS Percentile22.31th
PublishedOct 9, 2008
Last ModifiedApr 23, 2026

Vulnerability Description

Unrestricted file upload vulnerability in processFiles.php in FOSS Gallery Admin and FOSS Gallery Public 1.0 beta allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the root directory.

Affected Platforms (CPE)

πŸ“¦
Foss Gallery

Foss Gallery

= 1.0
πŸ“¦
Foss Gallery

Foss Gallery

= 1.0

References & Advisories

πŸ”— http://securityreason.com/securityalert/4379
πŸ”— http://www.securityfocus.com/bid/31574
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/45683
πŸ”— https://www.exploit-db.com/exploits/6670
πŸ”— https://www.exploit-db.com/exploits/6674
πŸ”— https://www.exploit-db.com/exploits/6680
πŸ”— http://securityreason.com/securityalert/4379
πŸ”— http://www.securityfocus.com/bid/31574

Related Vulnerabilities

CVE-2008-535310.0

The Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and...

CVE-2008-535510.0

The "Java Update" feature for Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 1...

CVE-2008-665110.0

Static code injection vulnerability in edithistory.php in OxYProject OxYBox 0.85 allows remote attackers to inject arbitrary PHP c...

CVE-2008-461510.0

Unspecified vulnerability in i_utils.asp in PortalApp before 4.01a has unknown impact and attack vectors.