Unrestricted file upload vulnerability in the profile feature in VidiScript allows registered remote authenticated users to execute arbitrary code by uploading a PHP file as an Avatar, then accessing the avatar via a direct request.
References
Configurations
Information
Published : 2009-03-25 11:30
Updated : 2017-09-28 18:33
NVD link : CVE-2008-6518
Mitre link : CVE-2008-6518
JSON object : View
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')
Products Affected
vidiscript
- vidiscript