Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1609


Vulnerability Score 6.8 6.8
CVE Id CVE-2008-1609
Last Modified 05 Sep 2008 05:38:12
Published 01 Apr 2008 12:44:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE



Multiple PHP remote file inclusion vulnerabilities in just another flat file (JAF) CMS 4.0 RC2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) website parameter to (a) forum.php, (b) headlines.php, and (c) main.php in forum/, and (2) main_dir parameter to forum/forum.php. NOTE: other main_dir vectors are already covered by CVE-2006-7127.

Vulnerable Systems


  • Jaf Cms 4.0 Rc2


MILW0RM - 5317

XF - jafcms-multiple-file-include(41753)

BID - 28476

BUGTRAQ - 20080327 JAF-CMS 4.0 RC2 Multiple Remote File Inclusion Vulnerabilities

BUGTRAQ - 20080327 Re: JAF-CMS 4.0 RC2 Multiple Remote File Inclusion Vulnerabilities

Last Updated: 27 May 2016 10:47:36