Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.5
CVE Id: CVE-2008-2520
Last Modified: 01 Apr 2009 01:32:24
Published: 03 Jun 2008 11:32:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2008-2520

Summary

Multiple PHP remote file inclusion vulnerabilities in BigACE 2.4, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[_BIGACE][DIR][addon] parameter to (a) addon/smarty/plugins/function.captcha.php and (b) system/classes/sql/AdoDBConnection.php; and the (2) GLOBALS[_BIGACE][DIR][admin] parameter to (c) item_information.php and (d) jstree.php in system/application/util/, and (e) system/admin/plugins/menu/menuTree/plugin.php, different vectors than CVE-2006-4423.

Vulnerable Systems

Application

  • Bigace 2.4


References

BID - 29157

SECUNIA - 30183

XF - bigace-multiple-file-include(42343)

MILW0RM - 5596


Last Updated: 27 May 2016 10:47:54