Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-2638

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2008-2638
Last Modified 07 Mar 2011 10:09:32
Published 09 Jun 2008 08:32:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-2638

Summary

Static code injection vulnerability in guestbook.php in 1Book 1.0.1 and earlier allows remote attackers to upload arbitrary PHP code via the message parameter in an HTML webform, which is written to data.php.

Vulnerable Systems

Application

  • 1-script 1-book 1.0.1


References

XF - 1book-guestbook-code-execution(42854)

VUPEN - ADV-2008-1735

MILW0RM - 5736

SECUNIA - 30146

CONFIRM - http://1scripts.net/php-scripts/index.php?p=16


Last Updated: 27 May 2016 10:47:56