CVE-2008-5220

Exploit

EPSS 6.49%
Published 25.11.2008 18:30:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

Unrestricted file upload vulnerability in admin/upload_form.php in wPortfolio 0.3 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in admin/tmp/.

Affected products Warnungen 0 Metrics 2 CWE 1 References 7

Data is provided by the National Vulnerability Database (NVD)

Wportfolio ≫ Wportfolio Version <= 0.3

Wportfolio ≫ Wportfolio Version0.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	6.49%	0.905

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.securityfocus.com/bid/32367

Exploit

http://www.vupen.com/english/advisories/2008/3219

https://exchange.xforce.ibmcloud.com/vulnerabilities/46745

https://www.exploit-db.com/exploits/7165

https://nvd.nist.gov/vuln/detail/CVE-2008-5220

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-5220

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-5220

EUVD