|
|
CVE Reference: CVE-2008-7209 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2008-7209 |
|
|
Description: Unrestricted file upload vulnerability in the add2 action in a_upload.php in OneCMS 2.4, and possibly earlier, allows remote attackers to execute arbitrary code by uploading a file with an executable extension and using a safe content type such as image/gif, then accessing it via a direct request to the file in an unspecified directory. |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/39485 OSVDB 51117 MISC http://www.bugreport.ir/index_26.htm MILW0RM http://www.milw0rm.com/exploits/4857 CONFIRM http://sourceforge.net/forum/forum.php?forum_id=774946 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/485837/100/200/threaded http://www.securityfocus.com/archive/1/archive/1/487136/100/200/threaded BID 27158 |
|
| Return to the previous page. |
