CyberSec.Space Logo
Back to CVE Browser

CVE-2009-1314

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0490%
EPSS Percentile23.05th
PublishedApr 17, 2009
Last ModifiedApr 23, 2026

Vulnerability Description

body.asp in Web File Explorer 3.1 allows remote attackers to create arbitrary files and execute arbitrary code via the savefile action with a file parameter containing a filename that has an executable extension.

Affected Platforms (CPE)

πŸ“¦
Webfileexplorer

Web File Explorer

= 3.1

References & Advisories

πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/50389
πŸ”— https://www.exploit-db.com/exploits/8382
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/50389
πŸ”— https://www.exploit-db.com/exploits/8382

Related Vulnerabilities

CVE-1999-034710.0

Internet Explorer 4.01 allows remote attackers to read local files and spoof web pages via a "%01" character in an "about:" Javasc...

CVE-2009-25009.3

Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Micros...

CVE-2008-44999.3

Multiple directory traversal vulnerabilities in PHP Web Explorer 0.99b and earlier allow remote attackers to include and execute a...

CVE-2009-25019.3

Heap-based buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2...