CVE-2008-7215

Exploit

EPSS 2.1%
Published 11.09.2009 16:30:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

The Image Manager in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to rename arbitrary files and cause a denial of service via modified file[NewFile][name], file[NewFile][tmp_name], and file[NewFile][size] parameters in a FileUpload command, which are used to modify equivalent variables in $_FILES that are accessed when the is_uploaded_file check fails.

Affected products Warnungen 0 Metrics 2 CWE 1 References 12

Data is provided by the National Vulnerability Database (NVD)

Mambo-foundation ≫ Mambo Version <= 4.6.3

Mambo-foundation ≫ Mambo Version4.6.2

Brilaps ≫ Mostlyce Version <= 2.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	2.1%	0.824

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.8	8.6	4.9	AV:N/AC:M/Au:N/C:N/I:P/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://archives.neohapsis.com/archives/bugtraq/2008-02/0444.html

Vendor Advisory

http://forum.mambo-foundation.org/showthread.php?t=10158

http://secunia.com/advisories/28670

Vendor Advisory

http://www.bugreport.ir/index_33.htm

Exploit

http://www.securityfocus.com/archive/1/487128/100/200/threaded

http://www.vupen.com/english/advisories/2008/0325

Vendor Advisory

http://osvdb.org/42532

Exploit