Security Database IT Watching - Alert Detail

INFORMATION

Name	:	CVE-2008-6822	First Publication	:	2009-06-04
Severity	:	High	Last Modification	:	2009-06-11

SCORING CVSS v2

Cvss Base Score	:	7.5	Attack Range	:	Network
Cvss Impact Score	:	6.4	Attack Complexity	:	Low
Cvss Expoit Score	:	10	Authentification	:	None Required
Calculate full CVSS 2.0 Vectors scores

DETAIL

Unrestricted file upload vulnerability in uploadp.php in New Earth Programming Team (NEPT) imgupload (aka Image Uploader) 1.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension and a modified content type, then accessing this file via a direct request, as demonstrated by an upload with an image/jpeg content type. NOTE: some of these details are obtained from third party information.

CPE COMMON PLATEFORM ENUMERATION (from NVD)

Application : Newearthpt Imgupload
- cpe:/a:newearthpt:imgupload:1.0

OPEN SOURCE VULNERABILITY DATABASE (OSVDB)

49428 : NEPT Image Uploader uploadp.php Content-Type Manipulation Unrestricted File Upload.

SECONDARY(S) SOURCE(S)

Source : BID
Url : http://www.securityfocus.com/bid/31909

Source : MILW0RM
Url : http://www.milw0rm.com/exploits/6830

Source : OSVDB
Url : http://osvdb.org/49428

Source : SECUNIA
Url : http://secunia.com/advisories/32412

Source : XF
Url : http://xforce.iss.net/xforce/xfdb/46089