1 results (0.001 seconds)
CVSS: 9.8EPSS: 2%CPEs: 2EXPL: 1
CVSS: 9.8EPSS: 2%CPEs: 2EXPL: 1CVE-2008-4767 – PHP-Nuke DownloadsPlus Module - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2008-4767
28 Oct 2008 — Unrestricted file upload vulnerability in the DownloadsPlus module in PHP-Nuke allows remote attackers to execute arbitrary code by uploading a file with (1) .htm, (2) .html, or (3) .txt extensions, then accessing it via a direct request to the file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: it is unclear how allowing the upload of .html or .txt files supports arbitrary code execution; this might be legitimate functionality. Vuln... • https://www.exploit-db.com/exploits/31702 • CWE-20: Improper Input Validation •