VYPR
Unrated severityNVD Advisory· Published Oct 28, 2008· Updated Jun 16, 2026

CVE-2008-4767

CVE-2008-4767

Description

Unrestricted file upload vulnerability in the DownloadsPlus module in PHP-Nuke allows remote attackers to execute arbitrary code by uploading a file with (1) .htm, (2) .html, or (3) .txt extensions, then accessing it via a direct request to the file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: it is unclear how allowing the upload of .html or .txt files supports arbitrary code execution; this might be legitimate functionality.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • cpe:2.3:a:php-nuke:downloadsplus_module:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:php-nuke:downloadsplus_module:*:*:*:*:*:*:*:*
    • (no CPE)

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.