CVE-2008-7088

Published: Aug 26, 2009Modified: Apr 23, 2026

6.5

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability: 8.0 / Impact: 6.4

Source: NVD

Description

Unrestricted file upload vulnerability in upload.php in PhotoPost vBGallery 2.4.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in a certain path. NOTE: this may be the same vulnerability as CVE-2008-0251, but this is not clear due to lack of details from the vendor.

Affected (1)

Products: Photopost: Photopost Vbgallery

1 product

Photopost Vbgallery

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Photopost Photopost Vbgallery	Version 2.4.2

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (6)

http://www.securityfocus.com/bid/30249

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/43845

Source: cve@mitre.org

https://www.exploit-db.com/exploits/6082

Source: cve@mitre.org

http://www.securityfocus.com/bid/30249

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/43845

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.exploit-db.com/exploits/6082

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.