Ghlab: Security Vulnerabilities
Unrestricted file upload vulnerability in component/upload.jsp in Korean GHBoard allows remote attackers to upload arbitrary files via unspecified vectors, probably involving a direct request.
CVSS Score
7.5
EPSS Score
0.031
Published
2007-10-30
The FlashUpload component in Korean GHBoard uses a client-side protection mechanism to prevent uploading of dangerous file extensions, which allows remote attackers to bypass restrictions and upload arbitrary files via a modified copy of component/flashupload/upload.html.
CVSS Score
6.8
EPSS Score
0.003
Published
2007-10-30
Directory traversal vulnerability in component/flashupload/download.jsp in the FlashUpload component in Korean GHBoard allows remote attackers to read arbitrary files via a .. (dot dot) in the name parameter.
CVSS Score
5.0
EPSS Score
0.022
Published
2007-10-30