CVE-2008-3592

Unrestricted file upload vulnerability in the File Manager in the admin panel in Twentyone Degrees Symphony 1.7.01 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension to a directory specified in the destination parameter, then accessing the uploaded file via a direct request, as demonstrated using workspace/masters/.
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.5 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:S/C:C/I:C/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 88%
VendorProductVersion
21degreessymphony
𝑥
≤ 1.7.01
21degreessymphony
1.1
21degreessymphony
1.5
21degreessymphony
1.5.05
21degreessymphony
1.5.06
21degreessymphony
1.6.02
21degreessymphony
1.7
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://overture21.com/forum/comments.php?DiscussionID=1823
http://secunia.com/advisories/31293
http://securityreason.com/securityalert/4137
https://exchange.xforce.ibmcloud.com/vulnerabilities/44432
https://www.exploit-db.com/exploits/6177
http://overture21.com/forum/comments.php?DiscussionID=1823
http://secunia.com/advisories/31293
http://securityreason.com/securityalert/4137
https://exchange.xforce.ibmcloud.com/vulnerabilities/44432
https://www.exploit-db.com/exploits/6177