Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1862


Vulnerability Score 6.8 6.8
CVE Id CVE-2008-1862
Last Modified 05 Sep 2008 12:00:00
Published 17 Apr 2008 03:05:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE



ExBB Italia 0.22 and earlier only checks GET requests that use the QUERY_STRING for certain path manipulations, which allows remote attackers to bypass this check via (1) POST or (2) COOKIE variables, a different vector than CVE-2006-4488. NOTE: this can be leveraged to conduct PHP remote file inclusion attacks via a URL in the (a) new_exbb[home_path] or (b) exbb[home_path] parameter to modules/threadstop/threadstop.php.

Vulnerable Systems


  • Exbb Italia 0.2.2


XF - exbb-threadstop-file-include(41708)

MILW0RM - 5405

SECUNIA - 29739

Last Updated: 27 May 2016 10:47:40