QwikSec

Security Database

CVE

CWE

Training

CVE-2008-7029

Published: Aug 24, 2009

Modified: Aug 7, 2024

PUBLISHED

Description

Unrestricted file upload vulnerability in usercp.php in AlilG Application AliBoard Beta allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as an avatar, then accessing it via a direct request to the file in uploads/avatars/.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_BID

20080211 aliboard Beta Upload Shell From ControlPanel

mailing-list

x_refsource_BUGTRAQ

vdb-entry

x_refsource_OSVDB

aliboard-usercp-file-upload(40276)

vdb-entry

x_refsource_XF

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.