Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.8
CVE Id: CVE-2008-1862
Last Modified: 05 Sep 2008 12:00:00
Published: 17 Apr 2008 03:05:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2008-1862

Summary

ExBB Italia 0.22 and earlier only checks GET requests that use the QUERY_STRING for certain path manipulations, which allows remote attackers to bypass this check via (1) POST or (2) COOKIE variables, a different vector than CVE-2006-4488. NOTE: this can be leveraged to conduct PHP remote file inclusion attacks via a URL in the (a) new_exbb[home_path] or (b) exbb[home_path] parameter to modules/threadstop/threadstop.php.

Vulnerable Systems

Application

  • ExBB Italia 0.2.2


References

XF - exbb-threadstop-file-include(41708)

MILW0RM - 5405

SECUNIA - 29739


Last Updated: 27 May 2016 10:47:40