PT-2009-2283 · Mambo · Simpleboard

T0Pp8Uzz · Published 2009-05-28 · Updated 2017-09-29 · CVE-2008-6814

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: SimpleBoard (com_simpleboard) component versions 1.0.1 and earlier for Mambo
Description: The issue allows remote attackers to execute arbitrary code by uploading a file with an executable extension and an image/jpeg content type to image_upload.php, and then accessing this file via a direct request to the file in components/com_simpleboard/.
Recommendations: For SimpleBoard (com_simpleboard) component versions 1.0.1 and earlier, consider restricting access to image_upload.php until a fix is available, and avoid uploading files with executable extensions to prevent potential code execution.
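
The description implies an upload handler that accepts a file on its declared image/jpeg content type. The PHP below is an added example, not SimpleBoard's code or a vendor fix: it ignores the declared type, allowlists the final extension, checks the leading bytes, and generates the stored name on the server. The function name, the constant and the sample inputs are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Added example, not SimpleBoard's code; all names here are hypothetical.
// Allowlisted extensions mapped to the leading bytes each format must have.
const ALLOWED_IMAGES = [
    'jpg'  => ["\xFF\xD8\xFF"],
    'jpeg' => ["\xFF\xD8\xFF"],
    'png'  => ["\x89PNG\r\n\x1a\n"],
    'gif'  => ['GIF87a', 'GIF89a'],
];

/**
 * Returns a server-generated file name for an acceptable image, or null.
 * $clientType (the request's Content-Type) is taken only to show that it
 * plays no part in the decision: the client controls it.
 */
function safe_image_name(string $clientName, string $clientType, string $bytes): ?string
{
    // Only the final extension counts, and it must be on the allowlist.
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED_IMAGES)) {
        return null;
    }
    // The leading bytes must match the format the extension claims.
    foreach (ALLOWED_IMAGES[$ext] as $magic) {
        if (strncmp($bytes, $magic, strlen($magic)) === 0) {
            // Never reuse the client's name; store under a random one.
            return bin2hex(random_bytes(16)) . '.' . $ext;
        }
    }
    return null;
}

// Constructed sample inputs; every one declares image/jpeg, as in the advisory.
$jpeg = "\xFF\xD8\xFF\xE0" . str_repeat("\0", 16);
$cases = [
    ['avatar.jpg', 'image/jpeg', $jpeg],           // image extension, JPEG bytes
    ['avatar.php', 'image/jpeg', $jpeg],           // executable extension, JPEG bytes
    ['avatar.jpg', 'image/jpeg', 'not an image'],  // image extension, non-image bytes
];
foreach ($cases as [$name, $type, $bytes]) {
    $stored = safe_image_name($name, $type, $bytes);
    printf("%-12s %-11s -> %s\n", $name, $type, $stored ?? 'rejected');
}
```

The leading-bytes check only confirms how the file starts; the extension allowlist and the server-generated name are what keep an uploaded file from being stored under an executable extension.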

Exploit

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2008-6814

Affected Products

Simpleboard