CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2008-4509

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1780%
EPSS Percentile22.31th
Published2008年10月9日
Last Modified2026年4月23日

Vulnerability Description

Unrestricted file upload vulnerability in processFiles.php in FOSS Gallery Admin and FOSS Gallery Public 1.0 beta allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the root directory.

Affected Platforms (CPE)

📦
Foss Gallery

Foss Gallery

= 1.0
📦
Foss Gallery

Foss Gallery

= 1.0

References & Advisories

🔗 http://securityreason.com/securityalert/4379
🔗 http://www.securityfocus.com/bid/31574
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/45683
🔗 https://www.exploit-db.com/exploits/6670
🔗 https://www.exploit-db.com/exploits/6674
🔗 https://www.exploit-db.com/exploits/6680
🔗 http://securityreason.com/securityalert/4379
🔗 http://www.securityfocus.com/bid/31574

相關漏洞威脅

CVE-2008-034310.0

Unspecified vulnerability in the Oracle Spatial component in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, and 10.1.0.5 has u...

CVE-2008-073510.0

SQL injection vulnerability in mod/gallery/ajax/gallery_data.php in AuraCMS 2.2 allows remote attackers to execute arbitrary SQL c...

CVE-2008-665110.0

Static code injection vulnerability in edithistory.php in OxYProject OxYBox 0.85 allows remote attackers to inject arbitrary PHP c...

CVE-2008-034410.0

Unspecified vulnerability in the Oracle Spatial component in Oracle Database 10.1.0.5 and 10.2.0.3 has unknown impact and remote a...