Unrestricted file upload vulnerability in user.modify.profile.php in Kalptaru Infotech Ltd. Star Articles 6.0 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a profile photo, then accessing it via a direct request to the file in authorphoto/.
References
Configurations
History
No history.
Information
Published : 2009-08-25 10:30
Updated : 2024-02-28 11:21
NVD link : CVE-2008-7076
Mitre link : CVE-2008-7076
CVE.ORG link : CVE-2008-7076
JSON object : View
Products Affected
kalptaru_infotech
- stararticles
CWE
CWE-264
Permissions, Privileges, and Access Controls