Lucene search
MitreCVELIST:CVE-2008-3922HistorySep 04, 2008 - 6:00 p.m.
CVE-2008-3922
2008-09-0418:00:00
mitre
www.cve.org
3
awstatstotals.php in AWStats Totals 1.0 through 1.14 allows remote attackers to execute arbitrary code via PHP sequences in the sort parameter, which is used by the multisort function when dynamically creating an anonymous PHP function.
References
secunia.com/advisories/31630
securityreason.com/securityalert/4218
securityreason.com/securityalert/8259
userwww.service.emory.edu/~ekenda2/EMORY-2008-01.txt
www.exploit-db.com/exploits/17324
www.securityfocus.com/archive/1/495770/100/0/threaded
www.securityfocus.com/bid/30856
www.telartis.nl/xcms/awstats/
www.vupen.com/english/advisories/2008/2442
exchange.xforce.ibmcloud.com/vulnerabilities/44712
www.exploit-db.com/exploits/6368
Related
packetstorm
packetstorm
AWStats Totals 1.14 Remote Command Execution
2011-05-26 00:00:00
cve
cve
CVE-2008-3922
2008-09-04 18:41:00
prion
prion
Code injection
2008-09-04 18:41:00
dsquare
dsquare
Awstats Totals <= 1.14 RCE
2012-01-26 00:00:00
checkpoint_advisories
checkpoint_advisories
openvas
openvas
AWStats Totals 'sort' Parameter RCE Vulnerabilities
2011-06-07 00:00:00
metasploit
metasploit
AWStats Totals multisort Remote Command Execution
2011-05-25 10:42:37
nessus
nessus
nvd
nvd
CVE-2008-3922
2008-09-04 18:41:00
exploitdb
exploitdb
AWStats Totals 1.14 multisort - Remote Command Execution (Metasploit)
2011-05-25 00:00:00
nmap
nmap
http-awstatstotals-exec NSE Script
2011-08-23 06:29:12