CyberSec.Space Logo
CVEブラウザに戻る

CVE-2008-7088

MEDIUM
6.5
CVSS Severity Score
EPSS Score0.1590%
EPSS Percentile39.82th
Published2009年8月26日
Last Modified2026年4月23日

Vulnerability Description

Unrestricted file upload vulnerability in upload.php in PhotoPost vBGallery 2.4.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in a certain path. NOTE: this may be the same vulnerability as CVE-2008-0251, but this is not clear due to lack of details from the vendor.

Affected Platforms (CPE)

📦
Photopost

Photopost Vbgallery

= 2.4.2

References & Advisories

🔗 http://www.securityfocus.com/bid/30249
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/43845
🔗 https://www.exploit-db.com/exploits/6082
🔗 http://www.securityfocus.com/bid/30249
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/43845
🔗 https://www.exploit-db.com/exploits/6082

関連する脆弱性情報

CVE-2008-025110.0

Unrestricted file upload vulnerability in PhotoPost vBGallery before 2.4.2 allows remote attackers to upload and execute arbitrary...

CVE-2008-665110.0

Static code injection vulnerability in edithistory.php in OxYProject OxYBox 0.85 allows remote attackers to inject arbitrary PHP c...

CVE-2008-535310.0

The Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and...

CVE-2008-535510.0

The "Java Update" feature for Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 1...