CVE-2008-6750

Description

Unrestricted file upload vulnerability in add.php in FlexPHPDirectory 0.0.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in photo/.

Affected products

• china-on-site / flexphpdirectory0.0.1 – 0.0.1

References

• VENDOR_ADVISORYhttp://secunia.com/advisories/33353
• MISChttp://osvdb.org/51303
• EXPLOIThttps://www.exploit-db.com/exploits/7614
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/47641