Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-4767

Overview

Vulnerability Score 9.0 9.0
CVE Id CVE-2008-4767
Last Modified 28 Oct 2008 12:00:00
Published 28 Oct 2008 06:30:01
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2008-4767

Summary

Unrestricted file upload vulnerability in the DownloadsPlus module in PHP-Nuke allows remote attackers to execute arbitrary code by uploading a file with (1) .htm, (2) .html, or (3) .txt extensions, then accessing it via a direct request to the file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: it is unclear how allowing the upload of .html or .txt files supports arbitrary code execution; this might be legitimate functionality.

Vulnerable Systems

Application

  • Php-nuke Downloadsplus Module


References

XF - downloadsplus-extension-file-upload(42007)

BID - 28919

MISC - http://www.juniper.net/security/auto/vulnerabilities/vuln28919.html


Last Updated: 27 May 2016 10:48:36