Vulnerabilities > CVE-2008-6530 - Local Arbitrary File Upload vulnerability in Ezonescripts Living Local 1.1

047910
CVSS 6.5 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
SINGLE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
ezonescripts
exploit available

Summary

Unrestricted file upload vulnerability in editimage.php in eZoneScripts Living Local 1.1 allows remote authenticated administrators to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the uploaded file.

Vulnerable Configurations

Part Description Count
Application
Ezonescripts
1

Exploit-Db

descriptionLiving Local 1.1 (XSS-RFU) Multiple Remote Vulnerabilities. CVE-2008-6529,CVE-2008-6530. Webapps exploit for php platform
fileexploits/php/webapps/7408.txt
idEDB-ID:7408
last seen2016-02-01
modified2008-12-10
platformphp
port
published2008-12-10
reporterBgh7
sourcehttps://www.exploit-db.com/download/7408/
titleliving Local 1.1 xss-rfu Multiple Vulnerabilities
typewebapps