CVE-2008-6731

China-on-site Flexphplink - Improper Input Validation

Title source: rule

Description

Unrestricted file upload vulnerability in submitlink.php in FlexPHPLink Pro 0.0.7 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the renamed file in linkphoto/.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Osirys · perlwebappsphp

https://www.exploit-db.com/exploits/7600

View Code ZIP pw:eip

References (5)

[Exploit] http://www.securityfocus.com/bid/33034

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/47614

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/7600

[Vendor Advisory] http://secunia.com/advisories/33343

[Third Party Advisory, VDB Entry] http://www.osvdb.org/53187

Scores

EPSS 0.0609

EPSS Percentile 90.8%

Details

CWE

CWE-20

Status published

Products (1)

china-on-site/flexphplink 0.0.7

Published Apr 20, 2009

Tracked Since Feb 18, 2026