Lucene search

[email protected]CVE-2008-4206

HistorySep 24, 2008 - 2:56 p.m.

CVE-2008-4206

2008-09-2414:56:52

CWE-94

[email protected]

web.nvd.nist.gov

cve-2008-4206

php

remote file inclusion

config.php

attachmax dolphin 2.1.0

7.6 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.02 Low

EPSS

Percentile

88.7%

JSON

PHP remote file inclusion vulnerability in config.php in Attachmax Dolphin 2.1.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the rel_path parameter.

Affected configurations

NVD

Node

attachmaxdolphinMatch2.1.0

CPENameOperatorVersion
attachmax:dolphinattachmax dolphineq2.1.0

CPE	Name	Operator	Version
attachmax:dolphin	attachmax dolphin	eq	2.1.0

References

e-rdc.org/v1/news.php?readmore=108

osvdb.org/48269

secunia.com/advisories/31794

securityreason.com/securityalert/4307

www.securityfocus.com/archive/1/496427/100/0/threaded

www.securityfocus.com/bid/31207

www.exploit-db.com/exploits/6468

7.6 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.02 Low

EPSS

Percentile

88.7%

JSON

Related for CVE-2008-4206

cvelist1 prion1 nvd1