What is the severity of CVE-2008-4767?

CVE-2008-4767 has a medium severity, as it allows remote code execution through unrestricted file uploads.

How do I fix CVE-2008-4767?

To fix CVE-2008-4767, implement proper file type validation and restrict file uploads to safe formats.

What are the affected versions for CVE-2008-4767?

CVE-2008-4767 affects the DownloadsPlus module of PHP-Nuke, particularly vulnerable versions prior to security updates.

Can CVE-2008-4767 be exploited remotely?

Yes, CVE-2008-4767 can be exploited remotely by attackers uploading malicious files with specific extensions.

What are the potential impacts of CVE-2008-4767?

The potential impacts of CVE-2008-4767 include remote code execution, data theft, and unauthorized access to the web application.

Vulnerability/
CVE-2008-4767

critical

CWE

28/10/2008

7/8/2024

CVE-2008-4767: Input Validation

First published: Tue Oct 28 2008(Updated: )

Unrestricted file upload vulnerability in the DownloadsPlus module in PHP-Nuke allows remote attackers to execute arbitrary code by uploading a file with (1) .htm, (2) .html, or (3) .txt extensions, then accessing it via a direct request to the file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: it is unclear how allowing the upload of .html or .txt files supports arbitrary code execution; this might be legitimate functionality.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
PhpNuke
Rmsoft Downloads Plus Module

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2008-4767?
CVE-2008-4767 has a medium severity, as it allows remote code execution through unrestricted file uploads.
How do I fix CVE-2008-4767?
To fix CVE-2008-4767, implement proper file type validation and restrict file uploads to safe formats.
What are the affected versions for CVE-2008-4767?
CVE-2008-4767 affects the DownloadsPlus module of PHP-Nuke, particularly vulnerable versions prior to security updates.
Can CVE-2008-4767 be exploited remotely?
Yes, CVE-2008-4767 can be exploited remotely by attackers uploading malicious files with specific extensions.
What are the potential impacts of CVE-2008-4767?
The potential impacts of CVE-2008-4767 include remote code execution, data theft, and unauthorized access to the web application.

collector/nvd-historical
agent/type
collector/mitre-cve
source/MITRE
agent/severity
agent/last-modified-date
agent/weakness
agent/author
agent/references
agent/event
agent/first-publish-date
agent/description
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
agent/softwarecombine
vendor/phpnuke
canonical/phpnuke
vendor/php-nuke
canonical/rmsoft downloads plus module

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.