ID CVE-2009-1512Type cveReporter NVDModified 2017-09-28T21:34:24
Description
Static code injection vulnerability in X-Forum 0.6.2 allows remote authenticated administrators to inject arbitrary PHP code into Config.php via the adminEMail parameter to SaveConfig.php.
{"id": "CVE-2009-1512", "bulletinFamily": "NVD", "title": "CVE-2009-1512", "description": "Static code injection vulnerability in X-Forum 0.6.2 allows remote authenticated administrators to inject arbitrary PHP code into Config.php via the adminEMail parameter to SaveConfig.php.", "published": "2009-05-01T18:30:00", "modified": "2017-09-28T21:34:24", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1512", "reporter": "NVD", "references": ["https://exchange.xforce.ibmcloud.com/vulnerabilities/50390", "https://www.exploit-db.com/exploits/8317"], "cvelist": ["CVE-2009-1512"], "type": "cve", "lastseen": "2017-09-29T14:26:36", "history": [{"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:keir_davis:x-forum:0.6.2"], "cvelist": ["CVE-2009-1512"], "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "Static code injection vulnerability in X-Forum 0.6.2 allows remote authenticated administrators to inject arbitrary PHP code into Config.php via the adminEMail parameter to SaveConfig.php.", "edition": 2, "enchantments": {}, "hash": "0e598a612429bd51151110c662e147aaaa73c1b0c8d4ff6cb95fadd1a7c3170c", "hashmap": [{"hash": "aff38f99e0ce110b67fa437a8a9d33e5", "key": "modified"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "ae5cb5bacaccc909594afd0585ad6db5", "key": "href"}, {"hash": "43b590b89e0f1501364bf505e785ebd0", "key": "title"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "f931d2ad216756f2fe565ea6fab7bac7", "key": "cvelist"}, {"hash": "e07c418bad8df66d6f29e15752d14707", "key": "references"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "4fb521258e0a7c29cf216562ecfacbde", "key": "cpe"}, {"hash": "7acdec9394e8727f5f26518e860bf0e5", "key": "published"}, {"hash": "0d834454c80b684d1e82acbaa86b9b16", "key": "description"}, {"hash": "9acfc3ecd06539a3534549fd05dfad8e", "key": "cvss"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1512", "id": "CVE-2009-1512", "lastseen": "2017-08-17T11:14:19", "modified": "2017-08-16T21:30:23", "objectVersion": "1.3", "published": "2009-05-01T18:30:00", "references": ["http://www.milw0rm.com/exploits/8317", "https://exchange.xforce.ibmcloud.com/vulnerabilities/50390"], "reporter": "NVD", "scanner": [], "title": "CVE-2009-1512", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 2, "lastseen": "2017-08-17T11:14:19"}, {"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:keir_davis:x-forum:0.6.2"], "cvelist": ["CVE-2009-1512"], "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "Static code injection vulnerability in X-Forum 0.6.2 allows remote authenticated administrators to inject arbitrary PHP code into Config.php via the adminEMail parameter to SaveConfig.php.", "edition": 1, "enchantments": {}, "hash": "46bf2f1a9c13ab851c5b0a0c8ae8b68b09a8cb3f3776fda1d50a04bf06801e90", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "ae5cb5bacaccc909594afd0585ad6db5", "key": "href"}, {"hash": "43b590b89e0f1501364bf505e785ebd0", "key": "title"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "f931d2ad216756f2fe565ea6fab7bac7", "key": "cvelist"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "4fb521258e0a7c29cf216562ecfacbde", "key": "cpe"}, {"hash": "7acdec9394e8727f5f26518e860bf0e5", "key": "published"}, {"hash": "29bed575a0be4639718ba0aa91d16226", "key": "references"}, {"hash": "0d834454c80b684d1e82acbaa86b9b16", "key": "description"}, {"hash": "9acfc3ecd06539a3534549fd05dfad8e", "key": "cvss"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "8acc51aa8916156c2539147dd352d209", "key": "modified"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1512", "id": "CVE-2009-1512", "lastseen": "2016-09-03T12:21:27", "modified": "2009-05-13T01:28:03", "objectVersion": "1.2", "published": "2009-05-01T18:30:00", "references": ["http://www.milw0rm.com/exploits/8317", "http://xforce.iss.net/xforce/xfdb/50390"], "reporter": "NVD", "scanner": [], "title": "CVE-2009-1512", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 1, "lastseen": "2016-09-03T12:21:27"}], "edition": 3, "hashmap": [{"key": "assessment", "hash": "6d3f4796275bb54c21a33b82f399cc6d"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "4fb521258e0a7c29cf216562ecfacbde"}, {"key": "cvelist", "hash": "f931d2ad216756f2fe565ea6fab7bac7"}, {"key": "cvss", "hash": "9acfc3ecd06539a3534549fd05dfad8e"}, {"key": "description", "hash": "0d834454c80b684d1e82acbaa86b9b16"}, {"key": "href", "hash": "ae5cb5bacaccc909594afd0585ad6db5"}, {"key": "modified", "hash": "754aa99f1bae5fde5a67fda3de3f3179"}, {"key": "published", "hash": "7acdec9394e8727f5f26518e860bf0e5"}, {"key": "references", "hash": "4e5f3c171f7024a79aa0fe1e2ca347ad"}, {"key": "reporter", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "scanner", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "43b590b89e0f1501364bf505e785ebd0"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "f59abfce089be0328ba7ffef16829c717bb4f5296539deb453b97c6d34e795e3", "viewCount": 0, "enchantments": {"vulnersScore": 7.5}, "objectVersion": "1.3", "cpe": ["cpe:/a:keir_davis:x-forum:0.6.2"], "assessment": {"href": "", "name": "", "system": ""}, "scanner": []}
{"result": {"exploitdb": [{"id": "EDB-ID:8317", "type": "exploitdb", "title": "X-Forum 0.6.2 - Remote Command Execution Exploit", "description": "X-Forum 0.6.2 Remote Command Execution Exploit. CVE-2009-1508,CVE-2009-1512. Webapps exploit for php platform", "published": "2009-03-30T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/8317/", "cvelist": ["CVE-2009-1512", "CVE-2009-1508"], "lastseen": "2016-02-01T04:14:23"}]}}
