Lucene search

[email protected]CVE-2008-2051

HistoryMay 05, 2008 - 5:20 p.m.

CVE-2008-2051

2008-05-0517:20:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

php

cve

escapeshellcmd

vulnerability

nvd

6.1 Medium

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.02 Low

EPSS

Percentile

88.7%

JSON

The escapeshellcmd API function in PHP before 5.2.6 has unknown impact and context-dependent attack vectors related to “incomplete multibyte chars.”

CPENameOperatorVersion
php:phpphpeq5.1.5
php:phpphpeq5.1.2
php:phpphpeq5.1.1
php:phpphpeq5.0.0
php:phpphpeq5.1.6
php:phpphpeq5.2.2
php:phpphpeq5.0.5
php:phpphpeq5.0.1
php:phpphpeq5.1.4
php:phpphpeq5.0.4

CPE	Name	Operator	Version
php:php	php	eq	5.1.5
php:php	php	eq	5.1.2
php:php	php	eq	5.1.1
php:php	php	eq	5.0.0
php:php	php	eq	5.1.6
php:php	php	eq	5.2.2
php:php	php	eq	5.0.5
php:php	php	eq	5.0.1
php:php	php	eq	5.1.4
php:php	php	eq	5.0.4

Rows per page:

1-10 of 191

References

lists.apple.com/archives/security-announce//2008/Jul/msg00003.html

lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html

secunia.com/advisories/30048

secunia.com/advisories/30083

secunia.com/advisories/30158

secunia.com/advisories/30288

secunia.com/advisories/30345

secunia.com/advisories/30411

secunia.com/advisories/30757

secunia.com/advisories/30828

secunia.com/advisories/30967

secunia.com/advisories/31119

secunia.com/advisories/31124

secunia.com/advisories/31200

secunia.com/advisories/31326

secunia.com/advisories/32746

security.gentoo.org/glsa/glsa-200811-05.xml

wiki.rpath.com/wiki/Advisories:rPSA-2008-0176

wiki.rpath.com/wiki/Advisories:rPSA-2008-0178

www.debian.org/security/2008/dsa-1572

www.debian.org/security/2008/dsa-1578

www.mandriva.com/security/advisories?name=MDVSA-2008:125

www.mandriva.com/security/advisories?name=MDVSA-2008:126

www.mandriva.com/security/advisories?name=MDVSA-2008:127

www.mandriva.com/security/advisories?name=MDVSA-2008:128

www.openwall.com/lists/oss-security/2008/05/02/2

www.php.net/ChangeLog-5.php

www.redhat.com/support/errata/RHSA-2008-0505.html

www.redhat.com/support/errata/RHSA-2008-0544.html

www.redhat.com/support/errata/RHSA-2008-0545.html

www.redhat.com/support/errata/RHSA-2008-0546.html

www.redhat.com/support/errata/RHSA-2008-0582.html

www.securityfocus.com/archive/1/492535/100/0/threaded

www.securityfocus.com/archive/1/492671/100/0/threaded

www.securityfocus.com/bid/29009

www.slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.488951

www.ubuntu.com/usn/usn-628-1

www.vupen.com/english/advisories/2008/1412

www.vupen.com/english/advisories/2008/2268

issues.rpath.com/browse/RPL-2503

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10256

www.redhat.com/archives/fedora-package-announce/2008-June/msg00773.html

www.redhat.com/archives/fedora-package-announce/2008-June/msg00779.html

6.1 Medium

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.02 Low

EPSS

Percentile

88.7%

JSON

Related for CVE-2008-2051

prion1 veracode1 ubuntucve1 nessus23 osv2 openvas36 debian2 fedora3 redhat5 oraclelinux2 centos3 ubuntu1 gentoo1