Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-2074

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2008-2074
Last Modified 05 Sep 2008 05:39:29
Published 05 May 2008 12:20:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-2074

Summary

Multiple PHP remote file inclusion vulnerabilities Harris Yusuf Arifin Harris Wap Chat 1.0, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the sysFileDir parameter to (1) eng.writeMsg.php, (2) eng.adCreate.php, (3) eng.adCreateSave.php, (4) eng.adDispByTypeOptions.php, (5) eng.createRoom.php, (6) eng.forward.php, (7) eng.pageLogout.php, (8) eng.resultMember.php, (9) eng.roomDeleteConfirm.php, (10) eng.saveNewRoom.php, and (11) eng.searchMember.php in src/.

Vulnerable Systems

Application

  • Successkid Harris Wap Chat 1.0


References

XF - harriswapchat-sysfiledir-file-include(42112)

BID - 28995

MILW0RM - 5525

SECUNIA - 30022


Last Updated: 27 May 2016 10:47:45