Unrated severityNVD Advisory· Published Dec 19, 2008· Updated Apr 23, 2026

CVE-2008-5663

Description

Multiple unrestricted file upload vulnerabilities in Kusaba 1.0.4 and earlier allow remote authenticated users to execute arbitrary code by uploading a file with an executable extension using (1) load_receiver.php or (2) a shipainter action to paint_save.php, then accessing the uploaded file via a direct request to this file in their user directory.

Affected products

Kusaba/Kusaba
cpe:2.3:a:kusaba:kusaba:*:*:*:*:*:*:*:*
Range: <=1.0.4

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/31685nvdVendor Advisory
securityreason.com/securityalert/4782nvd
www.securityfocus.com/bid/31668nvd
exchange.xforce.ibmcloud.com/vulnerabilities/45793nvd
exchange.xforce.ibmcloud.com/vulnerabilities/45794nvd
www.exploit-db.com/exploits/6706nvd
www.exploit-db.com/exploits/6711nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.009
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000