Lucene search

[email protected]CVE-2008-3239

HistoryJul 21, 2008 - 4:41 p.m.

CVE-2008-3239

2008-07-2116:41:00

CWE-20

[email protected]

web.nvd.nist.gov

145

cve-2008-3239

file upload

phpizabi

security vulnerability

remote code execution

nvd

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.4 High

AI Score

Confidence

Low

0.089 Low

EPSS

Percentile

94.6%

JSON

Unrestricted file upload vulnerability in the writeLogEntry function in system/v_cron_proc.php in PHPizabi 0.848b C1 HFP1, when register_globals is enabled, allows remote attackers to upload and execute arbitrary code via a filename in the CONF[CRON_LOGFILE] parameter and file contents in the CONF[LOCALE_LONG_DATE_TIME] parameter.

Affected configurations

NVD

Node

phpizabiphpizabiMatch0.848bc1

phpizabiphpizabiMatch0.848bc1_hfp1

CPENameOperatorVersion
phpizabi:phpizabiphpizabieq0.848b

CPE	Name	Operator	Version
phpizabi:phpizabi	phpizabi	eq	0.848b

References

secunia.com/advisories/31127

securityreason.com/securityalert/4022

www.securityfocus.com/bid/30257

exchange.xforce.ibmcloud.com/vulnerabilities/43856

www.exploit-db.com/exploits/6085

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.4 High

AI Score

Confidence

Low

0.089 Low

EPSS

Percentile

94.6%

JSON

Related for CVE-2008-3239

exploitdb1 packetstorm1 prion1 exploitpack1 nvd1 seebug2 cvelist1