CVE-2008-6814

{"id": "CVE-2008-6814", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2009-05-28T14:30:00.233", "references": [{"url": "http://www.securityfocus.com/bid/31981", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46223", "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/6868", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "Unrestricted file upload vulnerability in image_upload.php in the SimpleBoard (com_simpleboard) component 1.0.1 and earlier for Mambo allows remote attackers to execute arbitrary code by uploading a file with an executable extension and an image/jpeg content type, then accessing this file via a direct request to the file in components/com_simpleboard/, a different vulnerability than CVE-2006-3528."}, {"lang": "es", "value": "Vulnerabilidad de env\u00edo de archivo no restringido en image_upload.php en el componente SimpleBoard (com_simpleboard) v1.0.1 y anteriores para Mambo permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante la subida de un fichero con extensi\u00f3n ejecutable y un contenido de tipo image/jpeg, para posteriormente acceder al fichero mediante una petici\u00f3n directa en components/com_simpleboard/, una vulnerabilidad diferente a CVE-2006-3528."}], "lastModified": "2017-09-29T01:33:21.590", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:jan_de_graaff:com_simpleboard:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "214C71D6-216D-4F39-96E7-E002967A1A1D", "versionEndIncluding": "1.0.1"}, {"criteria": "cpe:2.3:a:jan_de_graaff:com_simpleboard:0.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C2522DB6-DFCA-4CC9-BC2E-673FE5C0AA84"}, {"criteria": "cpe:2.3:a:jan_de_graaff:com_simpleboard:0.9.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1845E826-71C0-4E1F-AE6E-D2F3CD8A6C14"}, {"criteria": "cpe:2.3:a:jan_de_graaff:com_simpleboard:0.9.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "995C878F-CEAC-4D55-A9B7-B34B69820ABD"}, {"criteria": "cpe:2.3:a:jan_de_graaff:com_simpleboard:1.0:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C0DABF8C-4226-4101-B6BF-DBF50CF7E724"}, {"criteria": "cpe:2.3:a:jan_de_graaff:com_simpleboard:1.0:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E77F6D71-DDB0-4FC6-8882-2BA75FA3C728"}, {"criteria": "cpe:2.3:a:jan_de_graaff:com_simpleboard:1.0:rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7B05EA3B-4AEB-45CB-BDEC-6AAA6A1C2492"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mambo:mambo:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6A453A9F-12E9-40FC-8C42-D80C780154E2"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}