Lucene search

[email protected]CVE-2008-4502

HistoryOct 09, 2008 - 12:00 a.m.

CVE-2008-4502

2008-10-0900:00:01

CWE-94

[email protected]

web.nvd.nist.gov

cve-2008-4502

php

remote file inclusion

datafeedfile

dff

api

security vulnerability

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.7 High

AI Score

Confidence

Low

0.066 Low

EPSS

Percentile

93.8%

JSON

Multiple PHP remote file inclusion vulnerabilities in DataFeedFile (DFF) PHP Framework API allow remote attackers to execute arbitrary PHP code via a URL in the DFF_config[dir_include] parameter to (1) DFF_affiliate_client_API.php, (2) DFF_featured_prdt.func.php, (3) DFF_mer.func.php, (4) DFF_mer_prdt.func.php, (5) DFF_paging.func.php, (6) DFF_rss.func.php, and (7) DFF_sku.func.php in include/.

Affected configurations

NVD

Node

datafeedfiledff_framework_api

CPENameOperatorVersion
datafeedfile:dff_framework_apidatafeedfile dff framework apieq*

CPE	Name	Operator	Version
datafeedfile:dff_framework_api	datafeedfile dff framework api	eq	*

References

secunia.com/advisories/32166

securityreason.com/securityalert/4370

www.securityfocus.com/bid/31644

exchange.xforce.ibmcloud.com/vulnerabilities/45764

www.exploit-db.com/exploits/6700

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.7 High

AI Score

Confidence

Low

0.066 Low

EPSS

Percentile

93.8%

JSON

Related for CVE-2008-4502

cvelist1 prion1 nvd1