Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1760

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2008-1760
Last Modified 29 Oct 2012 11:10:03
Published 12 Apr 2008 04:05:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-1760

Summary

Multiple PHP remote file inclusion vulnerabilities in Blogator-script before 1.01 allow remote attackers to execute arbitrary PHP code via a URL in the incl_page parameter in (1) struct_admin.php, (2) struct_admin_blog.php, and (3) struct_main.php in _blogadata/include.

Vulnerable Systems

Application

  • Blogator-script 0.90

  • Blogator-script 0.91

  • Blogator-script 0.92

  • Blogator-script 0.93

  • Blogator-script 0.95

  • Blogator-script 1.00


References

BID - 28627

MILW0RM - 5365

CONFIRM - http://www.blogator-script.com/changelog.php

SECUNIA - 29684

XF - blogatorscript-inclpage-file-include(41660)


Last Updated: 27 May 2016 10:53:42