CVE-2008-6793

Published: May 7, 2009Modified: Apr 23, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

The get_file_type function in lib/file_content.php in DFLabs PTK 0.1, 0.2, and 1.0 allows remote attackers to execute arbitrary commands via shell metacharacters after an arg1= sequence in a filename within a forensic image.

Affected (3)

Products: Dflabs: Ptk

Dflabs

1 product

Ptk

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Dflabs Ptk	Version 0.1
Dflabs Ptk	Version 0.2
Dflabs Ptk	Version 1.0

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (16)

http://osvdb.org/49574

Source: cve@mitre.org

http://secunia.com/advisories/32553

Source: cve@mitre.org

http://www.ikkisoft.com/stuff/LC-2008-07.txt

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/498081/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/32128

Source: cve@mitre.org

Exploit

http://www.vupen.com/english/advisories/2008/3020

Source: cve@mitre.org

PatchVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/46380

Source: cve@mitre.org

https://www.exploit-db.com/exploits/7001

Source: cve@mitre.org

http://osvdb.org/49574