Vulnerability Description
Unrestricted file upload vulnerability in calendar_admin.asp in Full Revolution aspWebCalendar 2008 allows remote attackers to upload and execute arbitrary code via the FILE1 parameter in an uploadfileprocess action, probably followed by a direct request to the file in calendar/eventimages/.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fullrevolution | Aspwebcalendar2008 | All versions |
Related Weaknesses (CWE)
References
- http://downloads.securityfocus.com/vulnerabilities/exploits/29795.html
- http://www.securityfocus.com/bid/29795 (Exploit)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43201
- https://www.exploit-db.com/exploits/5850
FAQ
What is CVE-2008-2832?
CVE-2008-2832 is a vulnerability with a CVSS score of 10.0 (HIGH). Unrestricted file upload vulnerability in calendar_admin.asp in Full Revolution aspWebCalendar 2008 allows remote attackers to upload and execute arbitrary code via the FILE1 parameter in an uploadfil...
How severe is CVE-2008-2832?
CVE-2008-2832 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2008-2832?
Check the references section above for vendor advisories and patch information. Affected products include: Fullrevolution Aspwebcalendar2008.