{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-24T08:35:15.774","vulnerabilities":[{"cve":{"id":"CVE-2008-3117","sourceIdentifier":"cve@mitre.org","published":"2008-07-10T17:41:00.000","lastModified":"2026-04-23T00:35:47.467","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Unrestricted file upload vulnerability in update_profile.php in PHPmotion 2.0 and earlier allows remote authenticated users to execute arbitrary code by uploading a .php file with a content type of (1) image/gif, (2) image/jpeg, or (3) image/pjpeg, then accessing it via a direct request to the file under pictures/."},{"lang":"es","value":"Vulnerabilidad de subida de ficheros sin restricción en update_profile.php en PHPmotion 2.0 y anteriores, permite a usuarios autenticados remotamente la ejecución de código de su elección subiendo un fichero .php con un contenido de tipo (1) image/gif, (2) image/jpeg, o (3) image/pjpeg y posteriormente accediendo a él a través de una petición directa al fichero en pictures/."}],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":true,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:phpmotion:phpmotion:*:*:*:*:*:*:*:*","versionEndIncluding":"2.0","matchCriteriaId":"D2EDB996-1FEC-40D7-AABE-6D53358CD514"},{"vulnerable":true,"criteria":"cpe:2.3:a:phpmotion:phpmotion:1.0:*:*:*:*:*:*:*","matchCriteriaId":"AC5BE53E-218B-47E9-A6B1-99BEE23CE9B4"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/29949","source":"cve@mitre.org"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/43375","source":"cve@mitre.org"},{"url":"https://www.exploit-db.com/exploits/5938","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/29949","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/43375","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.exploit-db.com/exploits/5938","source":"af854a3a-2127-422b-91ae-364da2661108"}],"evaluatorImpact":"Information from the vendor and further analysis show that the application is not affected by these issues."}}]}