CVE-2008-5090

Sažetak

Electron Inc. Advanced Electron Forum before 1.0.7 allows remote attackers to execute arbitrary PHP code via PHP code embedded in bbcode in the email parameter, which is processed by the preg_replace function with the eval switch.

Reference

http://secunia.com/advisories/31978
http://securityreason.com/securityalert/4598
http://www.anelectron.com/board/index.php?tid=3282
http://www.gulftech.org/?node=research&article_id=00131-09202008
http://www.securityfocus.com/archive/1/496552/100/0/threaded
http://www.securityfocus.com/bid/31268
https://exchange.xforce.ibmcloud.com/vulnerabilities/45270
https://www.exploit-db.com/exploits/6499

CVSS

Base:	10.0
Impact:	10.0
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

11-10-2018 - 20:54

Objavljeno

14-11-2008 - 19:20