Lucene search

MitreCVE-2008-5792

HistoryDec 31, 2008 - 11:30 a.m.

CVE-2008-5792

2008-12-3111:30:00

CWE-94

mitre

web.nvd.nist.gov

cve-2008-5792

php

remote file inclusion

indiscripts enthusiast

vulnerability

code execution

url

path parameter

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.7

Confidence

High

EPSS

0.031

Percentile

91.2%

JSON

PHP remote file inclusion vulnerability in show_joined.php in Indiscripts Enthusiast 3.1.4, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. NOTE: the researcher also points out the analogous directory traversal issue.

Affected configurations

Nvd

Node

indisguiseindiscripts_enthusiastRange≤3.1.4

VendorProductVersionCPE
indisguiseindiscripts_enthusiast*cpe:2.3:a:indisguise:indiscripts_enthusiast:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
indisguise	indiscripts_enthusiast	*	cpe:2.3:a:indisguise:indiscripts_enthusiast::::::::

References

secunia.com/advisories/32628

securityreason.com/securityalert/4853

www.bugreport.ir/index_57.htm

www.securityfocus.com/archive/1/498161/100/0/threaded

www.securityfocus.com/bid/32205

www.vupen.com/english/advisories/2008/3073

exchange.xforce.ibmcloud.com/vulnerabilities/46476

www.exploit-db.com/exploits/7059

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.7

Confidence

High

EPSS

0.031

Percentile

91.2%

JSON

Related for CVE-2008-5792