CVE-2008-5677

Unrestricted file upload vulnerability in Kwalbum 2.0.4, 2.0.2, and earlier, when PICS_PATH is located in the web root, allows remote authenticated users with upload capability to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file under items/, related to the ReplaceBadFilenameChars function in include/ItemAdder.php.  NOTE: some of these details are obtained from third party information.

| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 7.1 UNKNOWN | NETWORK | HIGH | | AV:N/AC:H/Au:S/C:C/I:C/A:C |
| mitre | CNA | --- | | | | --- |
| CVE | ADP | --- | | | | --- |

EPSS Score Percentile: 88%

| Vendor | Product | Version |
|---|---|---|
| kwalbum | kwalbum | 𝑥 ≤ 2.0.2 |
| kwalbum | kwalbum | 0.5.1 |
| kwalbum | kwalbum | 0.5.2 |
| kwalbum | kwalbum | 0.5.3 |
| kwalbum | kwalbum | 0.5.4 |
| kwalbum | kwalbum | 0.5.6 |
| kwalbum | kwalbum | 0.5.7 |
| kwalbum | kwalbum | 0.5.8 |
| kwalbum | kwalbum | 0.5.9 |
| kwalbum | kwalbum | 0.5.10 |
| kwalbum | kwalbum | 0.5.11 |
| kwalbum | kwalbum | 0.5.12 |
| kwalbum | kwalbum | 0.6.0 |
| kwalbum | kwalbum | 0.6.1 |
| kwalbum | kwalbum | 0.6.4 |
| kwalbum | kwalbum | 0.6.5 |
| kwalbum | kwalbum | 0.6.6 |
| kwalbum | kwalbum | 0.6.7 |
| kwalbum | kwalbum | 0.6.8 |
| kwalbum | kwalbum | 0.6.9 |
| kwalbum | kwalbum | 0.6.10 |
| kwalbum | kwalbum | 0.6.11 |
| kwalbum | kwalbum | 0.6.12 |
| kwalbum | kwalbum | 0.6.13 |
| kwalbum | kwalbum | 0.6.14 |
| kwalbum | kwalbum | 0.6.15 |
| kwalbum | kwalbum | 0.6.16 |
| kwalbum | kwalbum | 0.7.0 |
| kwalbum | kwalbum | 0.7.1 |
| kwalbum | kwalbum | 0.8.0 |
| kwalbum | kwalbum | 0.9.0 |
| kwalbum | kwalbum | 0.9.1 |
| kwalbum | kwalbum | 0.9.2 |
| kwalbum | kwalbum | 0.9.3 |
| kwalbum | kwalbum | 0.9.4 |
| kwalbum | kwalbum | 1.0 |
| kwalbum | kwalbum | 2.0 |
| kwalbum | kwalbum | 2.0.1 |
| kwalbum | kwalbum | 2.0.4 |

𝑥 = Vulnerable software versions