Vulnerabilities > CVE-2008-6638 - Configuration vulnerability in Versalsoft Http File Upload Activex Control 6.0.0.35

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

versalsoft

CWE-16

exploit available

NVD

Published: 2009-04-07

Updated: 2017-09-29

Summary

Insecure method vulnerability in the Versalsoft HTTP Image Uploader ActiveX control (UUploaderSvrD.dll 6.0.0.35) allows remote attackers to delete arbitrary files via the RemoveFileOrDir method.

Vulnerable Configurations

Part	Description	Count
Application	Versalsoft Versalsoft Http File Upload Activex Control 6.0.0.35	1

Common Weakness Enumeration (CWE)

CWE-16 - Configuration

Exploit-Db

id EDB-ID:5272
id EDB-ID:5569

References

http://www.securityfocus.com/bid/28301
https://exchange.xforce.ibmcloud.com/vulnerabilities/41258
https://www.exploit-db.com/exploits/5272
https://www.exploit-db.com/exploits/5569