Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.1
CVE Id: CVE-2008-5677
Last Modified: 29 Jan 2009 01:59:50
Published: 18 Dec 2008 08:52:58
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: SINGLE_INSTANCE

CVE-2008-5677

Summary

Unrestricted file upload vulnerability in Kwalbum 2.0.4, 2.0.2, and earlier, when PICS_PATH is located in the web root, allows remote authenticated users with upload capability to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file under items/, related to the ReplaceBadFilenameChars function in include/ItemAdder.php. NOTE: some of these details are obtained from third party information.

Vulnerable Systems

Application

  • Kwalbum 0.5.1

  • Kwalbum 0.5.10

  • Kwalbum 0.5.11

  • Kwalbum 0.5.12

  • Kwalbum 0.5.2

  • Kwalbum 0.5.3

  • Kwalbum 0.5.4

  • Kwalbum 0.5.6

  • Kwalbum 0.5.7

  • Kwalbum 0.5.8

  • Kwalbum 0.5.9

  • Kwalbum 0.6.0

  • Kwalbum 0.6.1

  • Kwalbum 0.6.10

  • Kwalbum 0.6.11

  • Kwalbum 0.6.12

  • Kwalbum 0.6.13

  • Kwalbum 0.6.14

  • Kwalbum 0.6.15

  • Kwalbum 0.6.16

  • Kwalbum 0.6.4

  • Kwalbum 0.6.5

  • Kwalbum 0.6.6

  • Kwalbum 0.6.7

  • Kwalbum 0.6.8

  • Kwalbum 0.6.9

  • Kwalbum 0.7.0

  • Kwalbum 0.7.1

  • Kwalbum 0.8.0

  • Kwalbum 0.9.0

  • Kwalbum 0.9.1

  • Kwalbum 0.9.2

  • Kwalbum 0.9.3

  • Kwalbum 0.9.4

  • Kwalbum 1.0

  • Kwalbum 2.0

  • Kwalbum 2.0.1

  • Kwalbum 2.0.2

  • Kwalbum 2.0.4


References

XF - kwalbum-file-upload(45655)

BID - 31568

MILW0RM - 6664

SREASON - 4789

SECUNIA - 32145


Last Updated: 27 May 2016 10:48:53