ImperialBB Remote File Upload Vulnerability
BID:30100
Info
ImperialBB Remote File Upload Vulnerability
| Bugtraq ID: | 30100 |
| Class: | Input Validation Error |
| CVE: |
CVE-2008-3093 |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 05 2008 12:00AM |
| Updated: | May 07 2015 05:27PM |
| Credit: | PHPLizardo |
| Vulnerable: |
ImperialBB ImperialBB 2.3.5 |
| Not Vulnerable: | |
Discussion
ImperialBB Remote File Upload Vulnerability
ImperialBB is prone to a vulnerability that allows an attacker to upload arbitrary script code and execute it in the context of the webserver process. This may help the attacker gain unauthorized access or escalate privileges; other attacks are also possible.
Versions up to and including ImperialBB 2.3.5 are vulnerable.
ImperialBB is prone to a vulnerability that allows an attacker to upload arbitrary script code and execute it in the context of the webserver process. This may help the attacker gain unauthorized access or escalate privileges; other attacks are also possible.
Versions up to and including ImperialBB 2.3.5 are vulnerable.
Exploit / POC
ImperialBB Remote File Upload Vulnerability
Attackers can use a browser to exploit this issue.
The following exploit code is available:
Attackers can use a browser to exploit this issue.
The following exploit code is available:
Solution / Fix
ImperialBB Remote File Upload Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
ImperialBB Remote File Upload Vulnerability
References:
References: