PT-2009-2626 · Ekin · Ekinboard

Eugene Minaev

Published

2009-09-02

Updated

2017-09-29

CVE-2008-7157

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions EkinBoard versions 1.1.0 and earlier

Description The issue allows remote attackers to execute arbitrary code by uploading an avatar file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in uploaded/avatars/.

Recommendations For versions 1.1.0 and earlier, consider restricting or disabling the file upload feature, especially for avatar files, until a proper fix is applied to prevent remote code execution.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2008-7157

Affected Products

Ekinboard

PT-2009-2626 · Ekin · Ekinboard

CVE-2008-7157

Weakness Enumeration

Related Identifiers

Affected Products

References · 4