PT-2009-1988 · Vidiscript · Vidiscript

Cyb3R-1St

Published

2009-03-25

Updated

2017-09-29

CVE-2008-6518

CVSS v2.0

6.5

Medium

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions VidiScript (affected versions not specified)

Description The issue concerns an unrestricted file upload vulnerability in the profile feature. This allows registered remote authenticated users to execute arbitrary code by uploading a PHP file as an Avatar and then accessing it via a direct request.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

CVE-2008-6518

Affected Products

Vidiscript

PT-2009-1988 · Vidiscript · Vidiscript

CVE-2008-6518

Weakness Enumeration

Related Identifiers

Affected Products

References · 4