CVE-2008-6367 — HIGH (8.5) — White Hats Nepal

Vulnerability Description

Unrestricted file upload vulnerability in Photos/create_album.php in Social Groupie allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in Member_images/.

CVSS Score

8.5

HIGH

AV:N/AC:M/Au:S/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Socialgroupie	Social Groupie	-

Related Weaknesses (CWE)

CWE-20

References

http://secunia.com/advisories/33125Vendor Advisory
https://www.exploit-db.com/exploits/7435
http://secunia.com/advisories/33125Vendor Advisory
https://www.exploit-db.com/exploits/7435

FAQ

What is CVE-2008-6367?

CVE-2008-6367 is a vulnerability with a CVSS score of 8.5 (HIGH). Unrestricted file upload vulnerability in Photos/create_album.php in Social Groupie allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then a...

How severe is CVE-2008-6367?

CVE-2008-6367 has been rated HIGH with a CVSS base score of 8.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2008-6367?

Check the references section above for vendor advisories and patch information. Affected products include: Socialgroupie Social Groupie.