CVE-2008-4767 - OpenCVE

Unrestricted file upload vulnerability in the DownloadsPlus module in PHP-Nuke allows remote attackers to execute arbitrary code by uploading a file with (1) .htm, (2) .html, or (3) .txt extensions, then accessing it via a direct request to the file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: it is unclear how allowing the upload of .html or .txt files supports arbitrary code execution; this might be legitimate functionality.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:S/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Php-nuke	Downloadsplus Module
Phpnuke	Php-nuke

Configuration 1 [-]

AND

cpe:2.3:a:phpnuke:php-nuke:*:*:*:*:*:*:*:*

cpe:2.3:a:php-nuke:downloadsplus_module:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.juniper.net/security/auto/vulnerabilities/vuln28919.html
http://www.securityfocus.com/bid/28919
https://exchange.xforce.ibmcloud.com/vulnerabilities/42007

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-10-28T10:00:00

Updated: 2024-08-07T10:24:21.122Z

Reserved: 2008-10-27T00:00:00

Link: CVE-2008-4767

Vulnrichment

No data.

NVD

Status : Modified

Published: 2008-10-28T10:30:01.227

Modified: 2019-07-01T16:48:52.397

Link: CVE-2008-4767

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-04-24T00:00:00", "descriptions": [{"lang": "en", "value": "Unrestricted file upload vulnerability in the DownloadsPlus module in PHP-Nuke allows remote attackers to execute arbitrary code by uploading a file with (1) .htm, (2) .html, or (3) .txt extensions, then accessing it via a direct request to the file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: it is unclear how allowing the upload of .html or .txt files supports arbitrary code execution; this might be legitimate functionality."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "28919", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/28919"}, {"tags": ["x_refsource_MISC"], "url": "http://www.juniper.net/security/auto/vulnerabilities/vuln28919.html"}, {"name": "downloadsplus-extension-file-upload(42007)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42007"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-4767", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unrestricted file upload vulnerability in the DownloadsPlus module in PHP-Nuke allows remote attackers to execute arbitrary code by uploading a file with (1) .htm, (2) .html, or (3) .txt extensions, then accessing it via a direct request to the file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: it is unclear how allowing the upload of .html or .txt files supports arbitrary code execution; this might be legitimate functionality."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "28919", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28919"}, {"name": "http://www.juniper.net/security/auto/vulnerabilities/vuln28919.html", "refsource": "MISC", "url": "http://www.juniper.net/security/auto/vulnerabilities/vuln28919.html"}, {"name": "downloadsplus-extension-file-upload(42007)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42007"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T10:24:21.122Z"}, "title": "CVE Program Container", "references": [{"name": "28919", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/28919"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.juniper.net/security/auto/vulnerabilities/vuln28919.html"}, {"name": "downloadsplus-extension-file-upload(42007)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42007"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-4767", "datePublished": "2008-10-28T10:00:00", "dateReserved": "2008-10-27T00:00:00", "dateUpdated": "2024-08-07T10:24:21.122Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:phpnuke:php-nuke:*:*:*:*:*:*:*:*", "matchCriteriaId": "2C438592-FF60-49D4-A15D-D1C08BCCCBAA", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:php-nuke:downloadsplus_module:*:*:*:*:*:*:*:*", "matchCriteriaId": "35710335-96F5-46A9-9848-0BE9B7732DDD", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Unrestricted file upload vulnerability in the DownloadsPlus module in PHP-Nuke allows remote attackers to execute arbitrary code by uploading a file with (1) .htm, (2) .html, or (3) .txt extensions, then accessing it via a direct request to the file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: it is unclear how allowing the upload of .html or .txt files supports arbitrary code execution; this might be legitimate functionality."}, {"lang": "es", "value": "Vulnerabilidad de subida de fichero sin restricci\u00f3n en el m\u00f3dulo DownloadsPlus en PHP-Nuke, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s la subida de ficheros con la extensi\u00f3n (1) .htm, (2) .html, o (3) .txt y despu\u00e9s accediendo a ellos mediante una petici\u00f3n directa al archivo. NOTA: el origen de esta informaci\u00f3n es desconocido. Los detalles han sido obtenidos de terceros. NOTA: no est\u00e1 claro c\u00f3mo permitiendo la subida de archivos .txt o .html se permite la ejecuci\u00f3n arbitraria de c\u00f3digo; es posible que sea una funcionalidad leg\u00edtima."}], "id": "CVE-2008-4767", "lastModified": "2019-07-01T16:48:52.397", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-10-28T10:30:01.227", "references": [{"source": "cve@mitre.org", "url": "http://www.juniper.net/security/auto/vulnerabilities/vuln28919.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/28919"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42007"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}