Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-5663

Overview

Vulnerability Score 9.0 9.0
CVE Id CVE-2008-5663
Last Modified 29 Jan 2009 01:59:48
Published 18 Dec 2008 08:51:59
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2008-5663

Summary

Multiple unrestricted file upload vulnerabilities in Kusaba 1.0.4 and earlier allow remote authenticated users to execute arbitrary code by uploading a file with an executable extension using (1) load_receiver.php or (2) a shipainter action to paint_save.php, then accessing the uploaded file via a direct request to this file in their user directory.

Vulnerable Systems

Application

  • Kusaba 1.0.4


References

XF - kusaba-loadreceiver-code-execution(45794)

XF - kusaba-paintsave-code-execution(45793)

BID - 31685

BID - 31668

MILW0RM - 6711

MILW0RM - 6706

SREASON - 4782


Last Updated: 27 May 2016 10:48:52