CVE-2008-6978

Published: Aug 19, 2009Modified: Apr 23, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

Unrestricted file upload vulnerability in Full Revolution aspWebAlbum 3.2 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in pics/, related to the uploadmedia action in album.asp.

Affected (1)

Products: Fullrevolution: Aspwebalbum

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Fullrevolution Aspwebalbum	Version 3.2

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (12)

http://osvdb.org/47913

Source: cve@mitre.org

http://secunia.com/advisories/31649

Source: cve@mitre.org

Vendor Advisory

http://www.securityfocus.com/bid/30996

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/44876

Source: cve@mitre.org

https://www.exploit-db.com/exploits/6357

Source: cve@mitre.org

https://www.exploit-db.com/exploits/6420

Source: cve@mitre.org

http://osvdb.org/47913

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/31649

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/30996

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/44876

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.exploit-db.com/exploits/6357

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.exploit-db.com/exploits/6420

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.