CVE-2008-5677

Unrestricted file upload vulnerability in Kwalbum 2.0.4, 2.0.2, and earlier, when PICS_PATH is located in the web root, allows remote authenticated users with upload capability to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file under items/, related to the ReplaceBadFilenameChars function in include/ItemAdder.php. NOTE: some of these details are obtained from third party information.
Configurations

Configuration 1

cpe:2.3:a:kwalbum:kwalbum:0.9.4:*:*:*:*:*:*:*
cpe:2.3:a:kwalbum:kwalbum:0.6.8:*:*:*:*:*:*:*
cpe:2.3:a:kwalbum:kwalbum:0.6.11:*:*:*:*:*:*:*
cpe:2.3:a:kwalbum:kwalbum:0.6.6:*:*:*:*:*:*:*
cpe:2.3:a:kwalbum:kwalbum:0.6.9:*:*:*:*:*:*:*
cpe:2.3:a:kwalbum:kwalbum:0.5.4:*:*:*:*:*:*:*
cpe:2.3:a:kwalbum:kwalbum:0.6.13:*:*:*:*:*:*:*
cpe:2.3:a:kwalbum:kwalbum:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:kwalbum:kwalbum:0.6.10:*:*:*:*:*:*:*
cpe:2.3:a:kwalbum:kwalbum:0.9.2:*:*:*:*:*:*:*
cpe:2.3:a:kwalbum:kwalbum:0.5.2:*:*:*:*:*:*:*
cpe:2.3:a:kwalbum:kwalbum:0.6.0:*:*:*:*:*:*:*
cpe:2.3:a:kwalbum:kwalbum:2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:kwalbum:kwalbum:*:*:*:*:*:*:*:*
cpe:2.3:a:kwalbum:kwalbum:0.5.8:*:*:*:*:*:*:*
cpe:2.3:a:kwalbum:kwalbum:0.6.14:*:*:*:*:*:*:*
cpe:2.3:a:kwalbum:kwalbum:0.6.15:*:*:*:*:*:*:*
cpe:2.3:a:kwalbum:kwalbum:2.0:*:*:*:*:*:*:*
cpe:2.3:a:kwalbum:kwalbum:0.5.7:*:*:*:*:*:*:*
cpe:2.3:a:kwalbum:kwalbum:0.6.12:*:*:*:*:*:*:*
cpe:2.3:a:kwalbum:kwalbum:0.5.12:*:*:*:*:*:*:*
cpe:2.3:a:kwalbum:kwalbum:0.9.1:*:*:*:*:*:*:*
cpe:2.3:a:kwalbum:kwalbum:0.5.10:*:*:*:*:*:*:*
cpe:2.3:a:kwalbum:kwalbum:0.7.0:*:*:*:*:*:*:*
cpe:2.3:a:kwalbum:kwalbum:0.5.11:*:*:*:*:*:*:*
cpe:2.3:a:kwalbum:kwalbum:0.6.1:*:*:*:*:*:*:*
cpe:2.3:a:kwalbum:kwalbum:0.6.16:*:*:*:*:*:*:*
cpe:2.3:a:kwalbum:kwalbum:0.6.7:*:*:*:*:*:*:*
cpe:2.3:a:kwalbum:kwalbum:0.5.1:*:*:*:*:*:*:*
cpe:2.3:a:kwalbum:kwalbum:0.7.1:*:*:*:*:*:*:*
cpe:2.3:a:kwalbum:kwalbum:0.8.0:*:*:*:*:*:*:*
cpe:2.3:a:kwalbum:kwalbum:0.5.6:*:*:*:*:*:*:*
cpe:2.3:a:kwalbum:kwalbum:0.5.9:*:*:*:*:*:*:*
cpe:2.3:a:kwalbum:kwalbum:0.5.3:*:*:*:*:*:*:*
cpe:2.3:a:kwalbum:kwalbum:0.9.0:*:*:*:*:*:*:*
cpe:2.3:a:kwalbum:kwalbum:0.6.4:*:*:*:*:*:*:*
cpe:2.3:a:kwalbum:kwalbum:0.6.5:*:*:*:*:*:*:*
cpe:2.3:a:kwalbum:kwalbum:1.0:*:*:*:*:*:*:*
cpe:2.3:a:kwalbum:kwalbum:0.9.3:*:*:*:*:*:*:*

Information

Published : 2008-12-19 01:52

Updated : 2017-09-29 01:32


NVD link : CVE-2008-5677

Mitre link : CVE-2008-5677

Products Affected
No products.
CWE