Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-5220

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2008-5220
Last Modified 07 Mar 2011 10:14:11
Published 25 Nov 2008 01:30:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-5220

Summary

Unrestricted file upload vulnerability in admin/upload_form.php in wPortfolio 0.3 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in admin/tmp/.

Vulnerable Systems

Application

  • Wportfolio 0.2

  • Wportfolio 0.3


References

XF - wportfolio-uploadform-file-upload(46745)

VUPEN - ADV-2008-3219

BID - 32367

MILW0RM - 7165


Last Updated: 27 May 2016 10:48:44