CVE-2008-0251

PhotoPost vBGallery < 2.4.1 - Unauthenticated Arbitrary File Upload

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-0251.

AI-analyzed exploit summary This is a technical writeup describing a remote file upload vulnerability in vBulletin PhotoPost vBGallery v2.x. The exploit involves uploading a PHP shell disguised as a .wmv file, leveraging the application's handling of file extensions and user account directories.

Description

Unrestricted file upload vulnerability in PhotoPost vBGallery before 2.4.2 allows remote attackers to upload and execute arbitrary files via unknown vectors.

Exploits (1)

exploitdb WRITEUP

webappsphp

https://www.exploit-db.com/exploits/6082

View Code ZIP pw:eip

This is a technical writeup describing a remote file upload vulnerability in vBulletin PhotoPost vBGallery v2.x. The exploit involves uploading a PHP shell disguised as a .wmv file, leveraging the application's handling of file extensions and user account directories.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: vBulletin PhotoPost vBGallery v2.x

Auth required

Prerequisites: Valid user account on the target forum · Access to the upload.php script

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1505.003 - Web Shell

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (4)

Core 4

Core References

Various Sources x_refsource_confirm

http://www.photopost.com/forum/showthread.php?t=134910

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/39621

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/28430

Various Sources x_refsource_confirm

http://www.photopost.com/forum/showthread.php?t=134909

Scores

EPSS 0.0354

EPSS Percentile 87.8%

Details

CWE

CWE-20 CWE-94

Status published

Products (1)

photopost/photopost_vbgallery < 2.4.1

Published Jan 12, 2008

Tracked Since Feb 18, 2026