CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2009-4819

Multiple unrestricted file upload vulnerabilities in upload.php in PHPhotoalbum allow remote attackers to execute arbitrary code by uploading a file with a (1) .php.pgif or (2) .php.pjpeg double extension, then accessing it via a direct request to the file in albums/userpics/.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.026

EPSS Ranking 84.9%

CVSS Severity

CVSS v2 Score 6.8

References

http://www.exploit-db.com/exploits/10584
http://www.securityfocus.com/bid/37436
https://exchange.xforce.ibmcloud.com/vulnerabilities/54958
http://www.exploit-db.com/exploits/10584
http://www.securityfocus.com/bid/37436
https://exchange.xforce.ibmcloud.com/vulnerabilities/54958

Products affected by CVE-2009-4819

Stoverud » Phphotoalbum » Version: 0.3

cpe:2.3:a:stoverud:phphotoalbum:0.3
Stoverud » Phphotoalbum » Version: 0.4

cpe:2.3:a:stoverud:phphotoalbum:0.4
Stoverud » Phphotoalbum » Version: 0.5

cpe:2.3:a:stoverud:phphotoalbum:0.5

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2009-4819

Products

Pricing

Contact Us