CVE-2008-6814

Unrestricted file upload vulnerability in image_upload.php in the SimpleBoard (com_simpleboard) component 1.0.1 and earlier for Mambo allows remote attackers to execute arbitrary code by uploading a file with an executable extension and an image/jpeg content type, then accessing this file via a direct request to the file in components/com_simpleboard/, a different vulnerability than CVE-2006-3528.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.securityfocus.com/bid/31981	Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/46223
https://www.exploit-db.com/exploits/6868
http://www.securityfocus.com/bid/31981	Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/46223
https://www.exploit-db.com/exploits/6868

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:jan_de_graaff:com_simpleboard::::::::
	cpe:2.3:a:jan_de_graaff:com_simpleboard:0.9:::::::*
	cpe:2.3:a:jan_de_graaff:com_simpleboard:0.9.1:::::::*
	cpe:2.3:a:jan_de_graaff:com_simpleboard:0.9.2:::::::*
	cpe:2.3:a:jan_de_graaff:com_simpleboard:1.0:rc1::::::
	cpe:2.3:a:jan_de_graaff:com_simpleboard:1.0:rc2::::::
	cpe:2.3:a:jan_de_graaff:com_simpleboard:1.0:rc3::::::

cpe:2.3:a:mambo:mambo:*:*:*:*:*:*:*:*

History

21 Nov 2024, 00:57

Type	Values Removed	Values Added
References	~~() http://www.securityfocus.com/bid/31981 - Exploit~~	() http://www.securityfocus.com/bid/31981 - Exploit
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/46223 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/46223 -
References	~~() https://www.exploit-db.com/exploits/6868 -~~	() https://www.exploit-db.com/exploits/6868 -

Information

Published : 2009-05-28 14:30

Updated : 2025-04-09 00:30

NVD link : CVE-2008-6814

Mitre link : CVE-2008-6814

CVE.ORG link : CVE-2008-6814

JSON object : View

Products Affected

mambo

mambo

jan_de_graaff

com_simpleboard

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2008-6814", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2009-05-28T14:30:00.233", "references": [{"url": "http://www.securityfocus.com/bid/31981", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46223", "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/6868", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/31981", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46223", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.exploit-db.com/exploits/6868", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "Unrestricted file upload vulnerability in image_upload.php in the SimpleBoard (com_simpleboard) component 1.0.1 and earlier for Mambo allows remote attackers to execute arbitrary code by uploading a file with an executable extension and an image/jpeg content type, then accessing this file via a direct request to the file in components/com_simpleboard/, a different vulnerability than CVE-2006-3528."}, {"lang": "es", "value": "Vulnerabilidad de env\u00edo de archivo no restringido en image_upload.php en el componente SimpleBoard (com_simpleboard) v1.0.1 y anteriores para Mambo permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante la subida de un fichero con extensi\u00f3n ejecutable y un contenido de tipo image/jpeg, para posteriormente acceder al fichero mediante una petici\u00f3n directa en components/com_simpleboard/, una vulnerabilidad diferente a CVE-2006-3528."}], "lastModified": "2025-04-09T00:30:58.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:jan_de_graaff:com_simpleboard:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "214C71D6-216D-4F39-96E7-E002967A1A1D", "versionEndIncluding": "1.0.1"}, {"criteria": "cpe:2.3:a:jan_de_graaff:com_simpleboard:0.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C2522DB6-DFCA-4CC9-BC2E-673FE5C0AA84"}, {"criteria": "cpe:2.3:a:jan_de_graaff:com_simpleboard:0.9.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1845E826-71C0-4E1F-AE6E-D2F3CD8A6C14"}, {"criteria": "cpe:2.3:a:jan_de_graaff:com_simpleboard:0.9.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "995C878F-CEAC-4D55-A9B7-B34B69820ABD"}, {"criteria": "cpe:2.3:a:jan_de_graaff:com_simpleboard:1.0:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C0DABF8C-4226-4101-B6BF-DBF50CF7E724"}, {"criteria": "cpe:2.3:a:jan_de_graaff:com_simpleboard:1.0:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E77F6D71-DDB0-4FC6-8882-2BA75FA3C728"}, {"criteria": "cpe:2.3:a:jan_de_graaff:com_simpleboard:1.0:rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7B05EA3B-4AEB-45CB-BDEC-6AAA6A1C2492"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mambo:mambo:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6A453A9F-12E9-40FC-8C42-D80C780154E2"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}

6.8 /10