CVE-2008-6492

Tizag Countdown Creator - Improper Input Validation

Title source: rule

Description

Unrestricted file upload vulnerability in process.php in Tizag Countdown Creator 3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension via index.php, then accessing the uploaded file via a direct request to the file in pics/. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WORKING POC VERIFIED

by ahmadbady · textwebappsphp

https://www.exploit-db.com/exploits/7354

View Code ZIP pw:eip

References (5)

[Vendor Advisory] http://secunia.com/advisories/33007

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/47129

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/32661

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/7354

[Third Party Advisory, VDB Entry] http://osvdb.org/51305

Scores

EPSS 0.0252

EPSS Percentile 85.2%

Classification

CWE

CWE-20

Status draft

Affected Products (1)

tizag/tizag_countdown_creator

Timeline

Published Mar 20, 2009

Tracked Since Feb 18, 2026