CVE-2008-3769

2008-08-2216:00:00

mitre

www.cve.org

AI Score

7.5

Confidence

High

EPSS

0.011

Percentile

85.1%

JSON

PHP remote file inclusion vulnerability in admin/create_order_new.php in Freeway 1.4.1.171, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the include_page parameter.

References

secunia.com/advisories/31475

securityreason.com/securityalert/4181

www.openfreeway.org/download/change-log.html

www.securityfocus.com/archive/1/495549/100/0/threaded

exchange.xforce.ibmcloud.com/vulnerabilities/45036