CVE-2008-6814

Published May 28, 2009

Last updated 7 years ago

CVSS info 6.8

Overview

Description: Unrestricted file upload vulnerability in image_upload.php in the SimpleBoard (com_simpleboard) component 1.0.1 and earlier for Mambo allows remote attackers to execute arbitrary code by uploading a file with an executable extension and an image/jpeg content type, then accessing this file via a direct request to the file in components/com_simpleboard/, a different vulnerability than CVE-2006-3528.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.8
Impact score: 6.4
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-20

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:jan_de_graaff:com_simpleboard:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "214C71D6-216D-4F39-96E7-E002967A1A1D",
            "versionEndIncluding": "1.0.1"
          },
          {
            "criteria": "cpe:2.3:a:jan_de_graaff:com_simpleboard:0.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C2522DB6-DFCA-4CC9-BC2E-673FE5C0AA84"
          },
          {
            "criteria": "cpe:2.3:a:jan_de_graaff:com_simpleboard:0.9.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1845E826-71C0-4E1F-AE6E-D2F3CD8A6C14"
          },
          {
            "criteria": "cpe:2.3:a:jan_de_graaff:com_simpleboard:0.9.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "995C878F-CEAC-4D55-A9B7-B34B69820ABD"
          },
          {
            "criteria": "cpe:2.3:a:jan_de_graaff:com_simpleboard:1.0:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C0DABF8C-4226-4101-B6BF-DBF50CF7E724"
          },
          {
            "criteria": "cpe:2.3:a:jan_de_graaff:com_simpleboard:1.0:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E77F6D71-DDB0-4FC6-8882-2BA75FA3C728"
          },
          {
            "criteria": "cpe:2.3:a:jan_de_graaff:com_simpleboard:1.0:rc3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7B05EA3B-4AEB-45CB-BDEC-6AAA6A1C2492"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mambo:mambo:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "6A453A9F-12E9-40FC-8C42-D80C780154E2"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References