CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2008-2832

Unrestricted file upload vulnerability in calendar_admin.asp in Full Revolution aspWebCalendar 2008 allows remote attackers to upload and execute arbitrary code via the FILE1 parameter in an uploadfileprocess action, probably followed by a direct request to the file in calendar/eventimages/.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.074

EPSS Ranking 91.4%

CVSS Severity

CVSS v2 Score 10.0

References

http://downloads.securityfocus.com/vulnerabilities/exploits/29795.html
http://www.securityfocus.com/bid/29795
https://exchange.xforce.ibmcloud.com/vulnerabilities/43201
https://www.exploit-db.com/exploits/5850
http://downloads.securityfocus.com/vulnerabilities/exploits/29795.html
http://www.securityfocus.com/bid/29795
https://exchange.xforce.ibmcloud.com/vulnerabilities/43201
https://www.exploit-db.com/exploits/5850

Products affected by CVE-2008-2832

Fullrevolution » Aspwebcalendar2008 » Version: Any

cpe:2.3:a:fullrevolution:aspwebcalendar2008:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2008-2832

Products

Pricing

Contact Us