Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 9.3
CVE Id: CVE-2008-2886
Last Modified: 08 Apr 2009 01:27:10
Published: 27 Jun 2008 02:41:00
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2008-2886

Summary

PHP remote file inclusion vulnerability in include/plugins/jrBrowser/purchase.php in Jamroom 3.3.0 through 3.3.5, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the jamroom[jm_dir] parameter.

Vulnerable Systems

Application

  • Jamroom 3.3.0

  • Jamroom 3.3.1

  • Jamroom 3.3.2

  • Jamroom 3.3.3

  • Jamroom 3.3.4

  • Jamroom 3.3.5


References

CONFIRM - http://www.jamroom.net/

XF - jamroom-purchase-file-include(43299)

BID - 29854

MILW0RM - 5876

CONFIRM - http://www.jamroom.net/index.php?m=td_tracker&o=view&id=1130

SREASON - 3961

SECUNIA - 30806


Last Updated: 27 May 2016 10:48:01