Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.0
CVE Id CVE-2008-2018
Last Modified 05 Sep 2008 05:39:20
Published 29 Apr 2008 09:07:00
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2008-2018

Summary

The AssignUser function in template.class.php in PHPizabi 0.848b C1 HFP3 performs unsafe macro expansions on strings delimited by '{' and '}' characters, which allows remote authenticated users to obtain sensitive information via a comment containing a macro, as demonstrated by a "{user.password}" comment in the profile of the admin user.

Vulnerable Systems

Application

  • Phpizabi 0.848b


References

BID - 28954

MILW0RM - 5506

XF - phpizabi-templateclass-info-disclosure(42143)


Last Updated: 27 May 2016 10:47:44