CVE-2008-5906

Sažetak

Eval injection vulnerability in the web interface plugin in KTorrent before 3.1.4 allows remote attackers to execute arbitrary PHP code via unspecified parameters to this interface's PHP scripts.

Reference

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504178
http://ktorrent.org/?q=node/23
http://openwall.com/lists/oss-security/2009/01/08/1
http://secunia.com/advisories/32442
http://secunia.com/advisories/32447
http://secunia.com/advisories/33675
http://secunia.com/advisories/34003
http://security.gentoo.org/glsa/glsa-200902-05.xml
http://www.securityfocus.com/bid/31927
http://www.ubuntu.com/usn/USN-711-1
http://www.vupen.com/english/advisories/2008/2911
https://bugs.gentoo.org/show_bug.cgi?id=244741
https://exchange.xforce.ibmcloud.com/vulnerabilities/46118

CVSS

Base:	6.8
Impact:	6.4
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

08-08-2017 - 01:33

Objavljeno

15-01-2009 - 17:30