PT-2008-4595 · Webxell · Webxell Editor

Cwh Underground

Published

2008-07-15

Updated

2017-09-29

CVE-2008-3178

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: WebXell Editor version 0.1.3

Description: The issue allows remote attackers to execute arbitrary code by uploading a .php file with a jpeg content type to the upload pictures.php file, and then accessing it via a direct request to the file in the upload/ directory.

Recommendations: For WebXell Editor version 0.1.3, restrict access to the upload pictures.php file to prevent unauthorized file uploads, and consider validating the file type and content before allowing uploads to mitigate the risk of code execution.

Exploit

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2008-3178

Affected Products

Webxell Editor

PT-2008-4595 · Webxell · Webxell Editor

CVE-2008-3178

Weakness Enumeration

Related Identifiers

Affected Products

References · 7