cpe:/a:flysforum:flaber:1.1 CVE-2008-6490 2009-03-19T06:30:00.343-04:00 2017-09-28T21:33:12.213-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2009-03-19T10:38:00.000-04:00 ALLOWS_OTHER_ACCESS EXPLOIT-DB 5407 VUPEN ADV-2008-1163 XF flaber-updatexml-code-execution(41715) function/update_xml.php in FLABER 1.1 and earlier allows remote attackers to overwrite arbitrary files by specifying the target filename in the target_file parameter. NOTE: this can be leveraged for code execution by overwriting a PHP file, as demonstrated using function/upload_file.php.