CVE-2008-0233
Published Jan 11, 2008
Last updated 7 years ago
Overview
- Description
- Unrestricted file upload vulnerability in Zero CMS 1.0 Alpha and earlier allows remote attackers to bypass intended access restrictions and upload and execute arbitrary files by uploading an avatar file with an accepted Content-Type such as image/jpeg.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-264
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zero_cms:zero_cms:1.0_alpha:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E05AC519-6859-4308-BEF1-23D8666472A2"
}
],
"operator": "OR"
}
]
}
]