
CVE-2008-6814

Mambo Component SimpleBoard 1.0.1 - Arbitrary File Upload

  • Severity Score: 6.8 (CVSS v2)
  • Exploit Likelihood (EPSS)
  • Affected Versions (CPE)
  • Public Exploits: 2 (Multiple Sources)
  • Exploited in Wild: - (KEV)
  • Decision: - (SSVC)

Descriptions

Unrestricted file upload vulnerability in image_upload.php in the SimpleBoard (com_simpleboard) component 1.0.1 and earlier for Mambo allows remote attackers to execute arbitrary code by uploading a file with an executable extension and an image/jpeg content type, then accessing this file via a direct request to the file in components/com_simpleboard/, a different vulnerability than CVE-2006-3528.


*Credits: N/A
CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: Medium
  • Authentication: None
  • Confidentiality: Partial
  • Integrity: Partial
  • Availability: Partial
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2009-05-28 CVE Reserved
  • 2009-05-28 CVE Published
  • 2023-08-31 EPSS Updated
  • 2024-08-07 CVE Updated
  • 2024-08-07 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-20: Improper Input Validation
CAPEC
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status |
|---|---|---|---|---|
| Jan De Graaff | Com Simpleboard | <= 1.0.1 | - | Affected |
| in Mambo | Mambo | * | - | Safe |
| Jan De Graaff | Com Simpleboard | 0.9 | - | Affected |
| in Mambo | Mambo | * | - | Safe |
| Jan De Graaff | Com Simpleboard | 0.9.1 | - | Affected |
| in Mambo | Mambo | * | - | Safe |
| Jan De Graaff | Com Simpleboard | 0.9.2 | - | Affected |
| in Mambo | Mambo | * | - | Safe |
| Jan De Graaff | Com Simpleboard | 1.0 | rc1 | Affected |
| in Mambo | Mambo | * | - | Safe |
| Jan De Graaff | Com Simpleboard | 1.0 | rc2 | Affected |
| in Mambo | Mambo | * | - | Safe |
| Jan De Graaff | Com Simpleboard | 1.0 | rc3 | Affected |
| in Mambo | Mambo | * | - | Safe |