CVE-2008-4366

Camera Life 2.6.2b4 - Authenticated Arbitrary File Upload via Image Upload Component

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-4366. PoCs published by Mi4night.

AI-analyzed exploit summary This is a writeup describing an arbitrary file upload vulnerability in CameraLife 2.6.2b4, allowing authenticated users to upload and execute PHP files. The exploit path is provided, but no functional code is included.

Description

Unrestricted file upload vulnerability in the image upload component in Camera Life 2.6.2b4 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in a user directory under images/photos/upload.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Mi4night · textwebappsphp
https://www.exploit-db.com/exploits/6594

This is a writeup describing an arbitrary file upload vulnerability in CameraLife 2.6.2b4, allowing authenticated users to upload and execute PHP files. The exploit path is provided, but no functional code is included.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: CameraLife 2.6.2b4
Auth required
Prerequisites: User registration on the target system
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/45492
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/6594
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/4344
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/31456

Scores

EPSS 0.0306
EPSS Percentile 86.0%

Details

CWE
CWE-20
Status published
Products (1)
camera_life/camera_life 2.6.2b4
Published Sep 30, 2008
Tracked Since Feb 18, 2026