CVE-2008-4767

PHP-Nuke DownloadsPlus Module - Arbitrary File Upload

Severity Score

9.0

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Unrestricted file upload vulnerability in the DownloadsPlus module in PHP-Nuke allows remote attackers to execute arbitrary code by uploading a file with (1) .htm, (2) .html, or (3) .txt extensions, then accessing it via a direct request to the file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: it is unclear how allowing the upload of .html or .txt files supports arbitrary code execution; this might be legitimate functionality.

Vulnerabilidad de subida de fichero sin restricción en el módulo DownloadsPlus en PHP-Nuke, permite a atacantes remotos ejecutar código de su elección a través la subida de ficheros con la extensión (1) .htm, (2) .html, o (3) .txt y después accediendo a ellos mediante una petición directa al archivo. NOTA: el origen de esta información es desconocido. Los detalles han sido obtenidos de terceros. NOTA: no está claro cómo permitiendo la subida de archivos .txt o .html se permite la ejecución arbitraria de código; es posible que sea una funcionalidad legítima.

*Credits: N/A

CVSS Scores

NISTv2 9.0

Attack Vector

Network

Attack Complexity

Low

Authentication

Single

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2008-04-24 First Exploit
2008-10-27 CVE Reserved
2008-10-28 CVE Published
2024-01-22 EPSS Updated
2024-08-07 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-20: Improper Input Validation

CAPEC

References (4)

URL	Tag	Source
http://www.juniper.net/security/auto/vulnerabilities/vuln28919.html	X_refsource_misc
http://www.securityfocus.com/bid/28919	Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/42007	Vdb Entry

URL	Date	SRC
https://www.exploit-db.com/exploits/31702	2008-04-24

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Php-nuke Search vendor "Php-nuke"	Downloadsplus Module Search vendor "Php-nuke" for product "Downloadsplus Module"	*	-	Affected	in	Phpnuke Search vendor "Phpnuke"	Php-nuke Search vendor "Phpnuke" for product "Php-nuke"	*	-	Safe