CVE-2008-3117| Date: (C)2008-07-10 (M)2017-10-04 |
| |
| CVSS Score: 6.5 | Access Vector: NETWORK |
| Exploitability Subscore: 8.0 | Access Complexity: LOW |
| Impact Subscore: 6.4 | Authentication: SINGLE_INSTANCE |
| | Confidentiality: PARTIAL |
| | Integrity: PARTIAL |
| | Availability: PARTIAL |
Unrestricted file upload vulnerability in update_profile.php in PHPmotion 2.0 and earlier allows remote authenticated users to execute arbitrary code by uploading a .php file with a content type of (1) image/gif, (2) image/jpeg, or (3) image/pjpeg, then accessing it via a direct request to the file under pictures/.
