PT-2008-2257 · Lightblog · Lightblog

Omni

Published

2008-02-06

Updated

2018-10-15

CVE-2008-0632

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions LightBlog version 9.5

Description The issue allows remote attackers to execute arbitrary code by uploading a file with an executable extension to the blog's root directory via the cp upload image.php script, and then accessing it directly.

Recommendations For LightBlog version 9.5, consider restricting or disabling the cp upload image.php script until a patch is available to prevent remote attackers from uploading executable files. Additionally, restrict access to the blog's root directory to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2008-0632

Affected Products

Lightblog

PT-2008-2257 · Lightblog · Lightblog

CVE-2008-0632

Weakness Enumeration

Related Identifiers

Affected Products

References · 7