PT-2009-2219 · Flexphpdirectory · Flexphpdirectory

X0R

Published

2009-04-24

Updated

2017-09-29

CVE-2008-6750

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: FlexPHPDirectory version 0.0.1

Description: The issue allows remote attackers to execute arbitrary code by uploading a file with an executable extension to the add.php file, and then accessing it via a direct request to the file in the photo/ directory.

Recommendations: For FlexPHPDirectory version 0.0.1, consider restricting file uploads to only allow non-executable file extensions as a temporary workaround until a patch is available. Restrict access to the add.php file and the photo/ directory to minimize the risk of exploitation. Avoid using the file upload feature in add.php until the issue is resolved.

Exploit

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2008-6750

Affected Products

Flexphpdirectory

PT-2009-2219 · Flexphpdirectory · Flexphpdirectory

CVE-2008-6750

Weakness Enumeration

Related Identifiers

Affected Products

References · 5