PT-2009-2254 · Unknown · Mini File Host

Pouya_Server

Published

2009-05-01

Updated

2017-09-29

CVE-2008-6785

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: Mini File Host version 1.5

Description: The issue allows remote attackers to execute arbitrary code by uploading a file with an executable extension and then accessing it via a direct request to the file in an unspecified directory. This can be demonstrated by creating a name.php file.

Recommendations: For Mini File Host version 1.5, consider restricting or disabling file uploads until a patch is available to prevent the execution of arbitrary code. As a temporary workaround, restrict access to directories where uploaded files are stored to minimize the risk of exploitation.

Exploit

Fix

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

CVE-2008-6785

Affected Products

Mini File Host

PT-2009-2254 · Unknown · Mini File Host

CVE-2008-6785

Weakness Enumeration

Related Identifiers

Affected Products

References · 4