CVE-2008-5677
EUVD-2008-564819.12.2008, 01:52
Unrestricted file upload vulnerability in Kwalbum 2.0.4, 2.0.2, and earlier, when PICS_PATH is located in the web root, allows remote authenticated users with upload capability to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file under items/, related to the ReplaceBadFilenameChars function in include/ItemAdder.php. NOTE: some of these details are obtained from third party information.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| kwalbum | kwalbum | 𝑥 ≤ 2.0.2 |
| kwalbum | kwalbum | 0.5.1 |
| kwalbum | kwalbum | 0.5.2 |
| kwalbum | kwalbum | 0.5.3 |
| kwalbum | kwalbum | 0.5.4 |
| kwalbum | kwalbum | 0.5.6 |
| kwalbum | kwalbum | 0.5.7 |
| kwalbum | kwalbum | 0.5.8 |
| kwalbum | kwalbum | 0.5.9 |
| kwalbum | kwalbum | 0.5.10 |
| kwalbum | kwalbum | 0.5.11 |
| kwalbum | kwalbum | 0.5.12 |
| kwalbum | kwalbum | 0.6.0 |
| kwalbum | kwalbum | 0.6.1 |
| kwalbum | kwalbum | 0.6.4 |
| kwalbum | kwalbum | 0.6.5 |
| kwalbum | kwalbum | 0.6.6 |
| kwalbum | kwalbum | 0.6.7 |
| kwalbum | kwalbum | 0.6.8 |
| kwalbum | kwalbum | 0.6.9 |
| kwalbum | kwalbum | 0.6.10 |
| kwalbum | kwalbum | 0.6.11 |
| kwalbum | kwalbum | 0.6.12 |
| kwalbum | kwalbum | 0.6.13 |
| kwalbum | kwalbum | 0.6.14 |
| kwalbum | kwalbum | 0.6.15 |
| kwalbum | kwalbum | 0.6.16 |
| kwalbum | kwalbum | 0.7.0 |
| kwalbum | kwalbum | 0.7.1 |
| kwalbum | kwalbum | 0.8.0 |
| kwalbum | kwalbum | 0.9.0 |
| kwalbum | kwalbum | 0.9.1 |
| kwalbum | kwalbum | 0.9.2 |
| kwalbum | kwalbum | 0.9.3 |
| kwalbum | kwalbum | 0.9.4 |
| kwalbum | kwalbum | 1.0 |
| kwalbum | kwalbum | 2.0 |
| kwalbum | kwalbum | 2.0.1 |
| kwalbum | kwalbum | 2.0.4 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References