Lucene search

[email protected]CVE-2008-6934

HistoryAug 11, 2009 - 9:00 p.m.

CVE-2008-6934

2009-08-1121:00:00

CWE-94

[email protected]

web.nvd.nist.gov

cve-2008-6934

sanusart

php

code injection

vulnerability

guestbook

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.5 High

AI Score

Confidence

Low

0.113 Low

EPSS

Percentile

95.2%

JSON

Static code injection vulnerability in Sanus|artificium (aka Sanusart) Free simple guestbook PHP script, when downloaded before 20081111, allows remote attackers to inject arbitrary PHP code into messages.txt via the message parameter to act.php, which is executed when guestbook/guestbook.php is accessed. NOTE: some of these details are obtained from third party information.

Affected configurations

NVD

Node

sansuartfree_simple_guestbook_php_script

CPENameOperatorVersion
sansuart:free_simple_guestbook_php_scriptsansuart free simple guestbook php scripteq*

CPE	Name	Operator	Version
sansuart:free_simple_guestbook_php_script	sansuart free simple guestbook php script	eq	*

References

osvdb.org/49703

secunia.com/advisories/32643

www.sanusart.com/news.php

www.securityfocus.com/bid/32240

www.vupen.com/english/advisories/2008/3095

exchange.xforce.ibmcloud.com/vulnerabilities/46526

www.exploit-db.com/exploits/7079

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.5 High

AI Score

Confidence

Low

0.113 Low

EPSS

Percentile

95.2%

JSON

Related for CVE-2008-6934

prion1 nvd1 cvelist1