Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-3093

Overview

Vulnerability Score 6.5 6.5
CVE Id CVE-2008-3093
Last Modified 14 May 2009 01:25:57
Published 09 Jul 2008 03:33:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2008-3093

Summary

Unrestricted file upload vulnerability in ImperialBB 2.3.5 and earlier allows remote authenticated users to upload and execute arbitrary PHP code by placing a .php filename in the Upload_Avatar parameter and sending the image/gif content type.

Vulnerable Systems

Application

  • Phplizardo Imperialbb 2.3.5


References

XF - imperialbb-avatar-file-upload(43608)

BID - 30100

MILW0RM - 6008

SECUNIA - 30939

MISC - http://phplizardo.breizh-web.net/blog/2008/07/05/advisory-1-imperialbb


Last Updated: 27 May 2016 10:48:04