Lucene search

[email protected]CVE-2008-2110

HistoryMay 07, 2008 - 11:20 p.m.

CVE-2008-2110

2008-05-0723:20:00

CWE-20

[email protected]

web.nvd.nist.gov

security

vulnerability

file upload

qtofilemanager

nvd

cve-2008-2110

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.6 High

AI Score

Confidence

High

0.041 Low

EPSS

Percentile

92.2%

JSON

Unrestricted file upload vulnerability in qtofm.php in QTOFileManager 1.0 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request.

Affected configurations

NVD

Node

qtoqtofilemanagerMatch1.0

CPENameOperatorVersion
qto:qtofilemanagerqto qtofilemanagereq1.0

CPE	Name	Operator	Version
qto:qtofilemanager	qto qtofilemanager	eq	1.0

References

securityreason.com/securityalert/3860

www.securityfocus.com/archive/1/491699/100/0/threaded

www.securityfocus.com/archive/1/491756/100/0/threaded

www.securityfocus.com/bid/29072

exchange.xforce.ibmcloud.com/vulnerabilities/42236

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.6 High

AI Score

Confidence

High

0.041 Low

EPSS

Percentile

92.2%

JSON

Related for CVE-2008-2110

cvelist1 prion1 nvd1