Lucene search
HistoryOct 22, 2008 - 12:11 a.m.
CVE-2008-4645
cve-2008-4645
phpwebgallery
remote code execution
authentication
nvd
7.3 High
AI Score
Confidence
High
9 High
CVSS2
Access Vector
Access Complexity
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
0.009 Low
EPSS
Percentile
82.5%
plugins/event_tracer/event_list.php in PhpWebGallery 1.7.2 and earlier allows remote authenticated administrators to execute arbitrary PHP code via PHP sequences in the sort parameter, which is processed by create_function.
Affected configurations
Node
phpwebgalleryphpwebgalleryRange≤1.7.2
ORphpwebgalleryphpwebgalleryMatch1.0
ORphpwebgalleryphpwebgalleryMatch1.1
ORphpwebgalleryphpwebgalleryMatch1.2.1
ORphpwebgalleryphpwebgalleryMatch1.3.0
ORphpwebgalleryphpwebgalleryMatch1.3.1
ORphpwebgalleryphpwebgalleryMatch1.3.2
ORphpwebgalleryphpwebgalleryMatch1.3.3
ORphpwebgalleryphpwebgalleryMatch1.3.4
ORphpwebgalleryphpwebgalleryMatch1.4.0
ORphpwebgalleryphpwebgalleryMatch1.4.1
ORphpwebgalleryphpwebgalleryMatch1.5.0
ORphpwebgalleryphpwebgalleryMatch1.5.1
ORphpwebgalleryphpwebgalleryMatch1.5.2
ORphpwebgalleryphpwebgalleryMatch1.6.0
ORphpwebgalleryphpwebgalleryMatch1.6.1
ORphpwebgalleryphpwebgalleryMatch1.6.2
ORphpwebgalleryphpwebgalleryMatch1.7.0
ORphpwebgalleryphpwebgalleryMatch1.7.1
Related
nessus
nessus
PhpWebGallery comments.php sort_by Parameter SQL Injection
2008-10-15 00:00:00
prion
prion
Code injection
2008-10-22 00:11:00
nvd
nvd
CVE-2008-4645
2008-10-22 00:11:50
cvelist
cvelist
CVE-2008-4645
2008-10-21 22:00:00
7.3 High
AI Score
Confidence
High
9 High
CVSS2
Access Vector
Access Complexity
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
0.009 Low
EPSS
Percentile
82.5%
Related for CVE-2008-4645