CVE-2008-6814 - Vulnerability Details - OpenCVE

Unrestricted file upload vulnerability in image_upload.php in the SimpleBoard (com_simpleboard) component 1.0.1 and earlier for Mambo allows remote attackers to execute arbitrary code by uploading a file with an executable extension and an image/jpeg content type, then accessing this file via a direct request to the file in components/com_simpleboard/, a different vulnerability than CVE-2006-3528.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Jan De Graaff	Com Simpleboard
Mambo	Mambo

Configuration 1 [-]

AND

OR	cpe:2.3:a:jan_de_graaff:com_simpleboard::::::::
	cpe:2.3:a:jan_de_graaff:com_simpleboard:0.9:::::::*
	cpe:2.3:a:jan_de_graaff:com_simpleboard:0.9.1:::::::*
	cpe:2.3:a:jan_de_graaff:com_simpleboard:0.9.2:::::::*
	cpe:2.3:a:jan_de_graaff:com_simpleboard:1.0:rc1::::::
	cpe:2.3:a:jan_de_graaff:com_simpleboard:1.0:rc2::::::
	cpe:2.3:a:jan_de_graaff:com_simpleboard:1.0:rc3::::::

cpe:2.3:a:mambo:mambo:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/31981
https://exchange.xforce.ibmcloud.com/vulnerabilities/46223
https://www.exploit-db.com/exploits/6868

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2009-05-28T14:00:00

Updated: 2024-08-07T11:42:00.665Z

Reserved: 2009-05-28T00:00:00

Link: CVE-2008-6814

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2009-05-28T14:30:00.233

Modified: 2025-04-09T00:30:58.490

Link: CVE-2008-6814

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-10-29T00:00:00", "descriptions": [{"lang": "en", "value": "Unrestricted file upload vulnerability in image_upload.php in the SimpleBoard (com_simpleboard) component 1.0.1 and earlier for Mambo allows remote attackers to execute arbitrary code by uploading a file with an executable extension and an image/jpeg content type, then accessing this file via a direct request to the file in components/com_simpleboard/, a different vulnerability than CVE-2006-3528."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "simpleboard-imageupload-file-upload(46223)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46223"}, {"name": "6868", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/6868"}, {"name": "31981", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/31981"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-6814", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unrestricted file upload vulnerability in image_upload.php in the SimpleBoard (com_simpleboard) component 1.0.1 and earlier for Mambo allows remote attackers to execute arbitrary code by uploading a file with an executable extension and an image/jpeg content type, then accessing this file via a direct request to the file in components/com_simpleboard/, a different vulnerability than CVE-2006-3528."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "simpleboard-imageupload-file-upload(46223)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46223"}, {"name": "6868", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/6868"}, {"name": "31981", "refsource": "BID", "url": "http://www.securityfocus.com/bid/31981"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T11:42:00.665Z"}, "title": "CVE Program Container", "references": [{"name": "simpleboard-imageupload-file-upload(46223)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46223"}, {"name": "6868", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/6868"}, {"name": "31981", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/31981"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-6814", "datePublished": "2009-05-28T14:00:00", "dateReserved": "2009-05-28T00:00:00", "dateUpdated": "2024-08-07T11:42:00.665Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:jan_de_graaff:com_simpleboard:*:*:*:*:*:*:*:*", "matchCriteriaId": "214C71D6-216D-4F39-96E7-E002967A1A1D", "versionEndIncluding": "1.0.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:jan_de_graaff:com_simpleboard:0.9:*:*:*:*:*:*:*", "matchCriteriaId": "C2522DB6-DFCA-4CC9-BC2E-673FE5C0AA84", "vulnerable": true}, {"criteria": "cpe:2.3:a:jan_de_graaff:com_simpleboard:0.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "1845E826-71C0-4E1F-AE6E-D2F3CD8A6C14", "vulnerable": true}, {"criteria": "cpe:2.3:a:jan_de_graaff:com_simpleboard:0.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "995C878F-CEAC-4D55-A9B7-B34B69820ABD", "vulnerable": true}, {"criteria": "cpe:2.3:a:jan_de_graaff:com_simpleboard:1.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "C0DABF8C-4226-4101-B6BF-DBF50CF7E724", "vulnerable": true}, {"criteria": "cpe:2.3:a:jan_de_graaff:com_simpleboard:1.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "E77F6D71-DDB0-4FC6-8882-2BA75FA3C728", "vulnerable": true}, {"criteria": "cpe:2.3:a:jan_de_graaff:com_simpleboard:1.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "7B05EA3B-4AEB-45CB-BDEC-6AAA6A1C2492", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:mambo:mambo:*:*:*:*:*:*:*:*", "matchCriteriaId": "6A453A9F-12E9-40FC-8C42-D80C780154E2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Unrestricted file upload vulnerability in image_upload.php in the SimpleBoard (com_simpleboard) component 1.0.1 and earlier for Mambo allows remote attackers to execute arbitrary code by uploading a file with an executable extension and an image/jpeg content type, then accessing this file via a direct request to the file in components/com_simpleboard/, a different vulnerability than CVE-2006-3528."}, {"lang": "es", "value": "Vulnerabilidad de env\u00edo de archivo no restringido en image_upload.php en el componente SimpleBoard (com_simpleboard) v1.0.1 y anteriores para Mambo permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante la subida de un fichero con extensi\u00f3n ejecutable y un contenido de tipo image/jpeg, para posteriormente acceder al fichero mediante una petici\u00f3n directa en components/com_simpleboard/, una vulnerabilidad diferente a CVE-2006-3528."}], "id": "CVE-2008-6814", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-05-28T14:30:00.233", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/31981"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46223"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/6868"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/31981"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46223"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/6868"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}