CVE-2008-2198

2008-05-1417:00:00

mitre

www.cve.org

AI Score

7.5

Confidence

High

EPSS

0.089

Percentile

94.6%

JSON

PHP remote file inclusion vulnerability in kmitaadmin/kmitat/htmlcode.php in Kmita Tellfriend 2.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the file parameter.

References

advisories.echo.or.id/adv/adv93-K-159-2008.txt

securityreason.com/securityalert/3877

www.securityfocus.com/archive/1/491616/100/0/threaded

www.securityfocus.com/bid/29042

exchange.xforce.ibmcloud.com/vulnerabilities/42186

www.exploit-db.com/exploits/5544