CVE-2008-2832

Published: Jun 24, 2008Modified: Apr 23, 2026

10.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 10.0 / Impact: 10.0

Source: NVD

Description

Unrestricted file upload vulnerability in calendar_admin.asp in Full Revolution aspWebCalendar 2008 allows remote attackers to upload and execute arbitrary code via the FILE1 parameter in an uploadfileprocess action, probably followed by a direct request to the file in calendar/eventimages/.

Affected (1)

Products: Fullrevolution: Aspwebcalendar2008

1 product

Aspwebcalendar2008

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Fullrevolution Aspwebcalendar2008	All versions

Related CWEs

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (8)

http://downloads.securityfocus.com/vulnerabilities/exploits/29795.html

Source: cve@mitre.org

http://www.securityfocus.com/bid/29795

Source: cve@mitre.org

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/43201

Source: cve@mitre.org

https://www.exploit-db.com/exploits/5850

Source: cve@mitre.org

http://downloads.securityfocus.com/vulnerabilities/exploits/29795.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/29795

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/43201

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.exploit-db.com/exploits/5850

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.