CVE-2008-6660 - Unrestricted file upload vulnerability in bigdump.php in Alexey Ozerov BigDump 0.29b allows remote a

CVE-2008-6660

Summary

Unrestricted file upload vulnerability in bigdump.php in Alexey Ozerov BigDump 0.29b allows remote attackers to execute arbitrary code by uploading a file with an executable extension followed by a .sql extension, then accessing this file via a direct request. NOTE: some of these details are obtained from third party information.

References

http://www.securityfocus.com/archive/1/498093/100/0/threaded
http://www.securityfocus.com/bid/32152
https://exchange.xforce.ibmcloud.com/vulnerabilities/46539

Vulnerable Configurations

cpe:2.3:a:ozerov:bigdump:029b:*:*:*:*:*:*:*
cpe:2.3:a:ozerov:bigdump:029b:*:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 11-10-2018 - 20:57)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

refmap via4

bid	32152
bugtraq	20081106 Remote access vulnerability using BigDump ver. 0.29b
xf	bigdump-bigdump-file-upload(46539)

Last major update

11-10-2018 - 20:57

Published

07-04-2009 - 19:30

Last modified

11-10-2018 - 20:57