Published: 28/10/2008 Updated: 01/07/2019

CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8

VMScore: 905

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Unrestricted file upload vulnerability in the DownloadsPlus module in PHP-Nuke allows remote malicious users to execute arbitrary code by uploading a file with (1) .htm, (2) .html, or (3) .txt extensions, then accessing it via a direct request to the file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: it is unclear how allowing the upload of .html or .txt files supports arbitrary code execution; this might be legitimate functionality.

Vulnerable Product	Search on Vulmon	Subscribe to Product
php-nuke downloadsplus_module

source: wwwsecurityfocuscom/bid/28919/info The DownloadsPlus module for PHP-Nuke is prone to a vulnerability that lets remote attackers upload and execute arbitrary code because the application fails to sanitize user-supplied input This issue permits attackers to upload arbitrary files with 'htm', 'html', or 'txt' extensions An atta ...

CWE-20 http://www.juniper.net/security/auto/vulnerabilities/vuln28919.html http://www.securityfocus.com/bid/28919 https://exchange.xforce.ibmcloud.com/vulnerabilities/42007 https://nvd.nist.gov https://www.exploit-db.com/exploits/31702/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2008-4767

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect