Published: 12/08/2009 Updated: 29/09/2017

CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8

VMScore: 665

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Unrestricted file upload vulnerability in ScriptsFeed Auto Classifieds allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a profile logo, then accessing it via a direct request to the file in cars_images/.

Vulnerable Product	Search on Vulmon	Subscribe to Product
scriptsfeed auto classifieds -

[~] ScriptsFeed (SF) Real Estate Classifieds Software Remote File Upload [~] [~] ---------------------------------------------------------- [~] Discovered By: ZoRLu [~] [~] Date: 13112008 [~] [~] Home: wwwz0rlublogspotcom [~] [~] contact: trt-turk@hotmailcom [~] [~] N0T: YALNIZLIK, YiTiRDi ANLAMINI YALNIZLIGIMDA : ( ( [~] [~] my bug number no ...

[~] ScriptsFeed (SF) Recipes Listing Portal Remote File Upload [~] [~] ---------------------------------------------------------- [~] Discovered By: ZoRLu [~] [~] Date: 13112008 [~] [~] Home: wwwz0rlublogspotcom [~] [~] contact: trt-turk@hotmailcom [~] [~] N0T: YALNIZLIK, YiTiRDi ANLAMINI YALNIZLIGIMDA : ( ( [~] [~] my bug number now: 39 [~] ...

[~] ScriptsFeed (SF) Auto Classifieds Software Remote File Upload [~] [~] ---------------------------------------------------------- [~] Discovered By: ZoRLu [~] [~] Date: 13112008 [~] [~] Home: wwwz0rlublogspotcom [~] [~] contact: trt-turk@hotmailcom [~] [~] N0T: YALNIZLIK, YiTiRDi ANLAMINI YALNIZLIGIMDA : ( ( [~] [~] my bug number now: 39 [ ...

CWE-20 http://secunia.com/advisories/32690 http://osvdb.org/49960 http://www.securityfocus.com/bid/32293 https://exchange.xforce.ibmcloud.com/vulnerabilities/46608 https://www.exploit-db.com/exploits/7111 https://nvd.nist.gov https://www.exploit-db.com/exploits/7110/

CVE-2008-6944

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect