Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-6518


Vulnerability Score 6.5 6.5
CVE Id CVE-2008-6518
Last Modified 25 Mar 2009 12:00:00
Published 25 Mar 2009 02:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE



Unrestricted file upload vulnerability in the profile feature in VidiScript allows registered remote authenticated users to execute arbitrary code by uploading a PHP file as an Avatar, then accessing the avatar via a direct request.

Vulnerable Systems


  • Vidiscript -


XF - vidiscript-avatar-file-upload(44525)

BID - 30721

MILW0RM - 6259

Last Updated: 27 May 2016 10:49:13