Unrestricted File Upload Vulnerability in OneCMS by OneCMS
CVE-2008-7209

Currently unrated

Key Information:

Vendor: Insane Visions
Status: Onecms
Vendor: CVE Published:; 11 September 2009

🔔 Create Insane Visions Vulnerability Alert

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 13%

What is CVE-2008-7209?

OneCMS, particularly version 2.4 and possibly earlier versions, is susceptible to an unrestricted file upload vulnerability in the add2 action within a_upload.php. This flaw allows remote attackers to exploit the system by uploading malicious files disguised with safe content types, such as image/gif. Once uploaded, attackers can execute arbitrary code by directly accessing the file from incorrect directory permissions, leading to potential unauthorized control over the affected system.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2008-7209 - Proof of Concept

References

http://www.bugreport.ir/index_26.htm

x_refsource_MISC

http://www.securityfocus.com/archive/1/485837/100/200/thr...

mailing-listx_refsource_BUGTRAQ

http://sourceforge.net/forum/forum.php?forum_id=774946

x_refsource_CONFIRM

EPSS Score

13% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Sep 11, 2009
👾
Exploit known to exist
Sep 11, 2009
Vulnerability published
Sep 11, 2009
Vulnerability Reserved
Sep 11, 2009

CVE-2008-7209 Data

JSON