CyberSec.Space Logo
Back to CVE Browser

CVE-2008-7088

MEDIUM
6.5
CVSS Severity Score
EPSS Score0.1590%
EPSS Percentile39.82th
PublishedAug 26, 2009
Last ModifiedApr 23, 2026

Vulnerability Description

Unrestricted file upload vulnerability in upload.php in PhotoPost vBGallery 2.4.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in a certain path. NOTE: this may be the same vulnerability as CVE-2008-0251, but this is not clear due to lack of details from the vendor.

Affected Platforms (CPE)

πŸ“¦
Photopost

Photopost Vbgallery

= 2.4.2

References & Advisories

πŸ”— http://www.securityfocus.com/bid/30249
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/43845
πŸ”— https://www.exploit-db.com/exploits/6082
πŸ”— http://www.securityfocus.com/bid/30249
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/43845
πŸ”— https://www.exploit-db.com/exploits/6082

Related Vulnerabilities

CVE-2008-025110.0

Unrestricted file upload vulnerability in PhotoPost vBGallery before 2.4.2 allows remote attackers to upload and execute arbitrary...

CVE-2008-034310.0

Unspecified vulnerability in the Oracle Spatial component in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, and 10.1.0.5 has u...

CVE-2008-073510.0

SQL injection vulnerability in mod/gallery/ajax/gallery_data.php in AuraCMS 2.2 allows remote attackers to execute arbitrary SQL c...

CVE-2008-034410.0

Unspecified vulnerability in the Oracle Spatial component in Oracle Database 10.1.0.5 and 10.2.0.3 has unknown impact and remote a...