Lucene search

[email protected]CVE-2008-2886

HistoryJun 27, 2008 - 6:41 p.m.

CVE-2008-2886

2008-06-2718:41:00

CWE-94

[email protected]

web.nvd.nist.gov

cve

php

remote file inclusion

vulnerability

jamroom

8.3 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.013 Low

EPSS

Percentile

86.1%

JSON

PHP remote file inclusion vulnerability in include/plugins/jrBrowser/purchase.php in Jamroom 3.3.0 through 3.3.5, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the jamroom[jm_dir] parameter.

CPENameOperatorVersion
jamroom:jamroomjamroomeq3.3.5
jamroom:jamroomjamroomeq3.3.0
jamroom:jamroomjamroomeq3.3.2
jamroom:jamroomjamroomeq3.3.3
jamroom:jamroomjamroomeq3.3.1
jamroom:jamroomjamroomeq3.3.4

CPE	Name	Operator	Version
jamroom:jamroom	jamroom	eq	3.3.5
jamroom:jamroom	jamroom	eq	3.3.0
jamroom:jamroom	jamroom	eq	3.3.2
jamroom:jamroom	jamroom	eq	3.3.3
jamroom:jamroom	jamroom	eq	3.3.1
jamroom:jamroom	jamroom	eq	3.3.4

References

secunia.com/advisories/30806

securityreason.com/securityalert/3961

www.jamroom.net/

www.jamroom.net/index.php?m=td_tracker&o=view&id=1130

www.securityfocus.com/bid/29854

exchange.xforce.ibmcloud.com/vulnerabilities/43299

www.exploit-db.com/exploits/5876

8.3 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.013 Low

EPSS

Percentile

86.1%

JSON

Related for CVE-2008-2886

cvelist1 prion1