Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-2888

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2008-2888
Last Modified 07 Mar 2011 10:09:53
Published 27 Jun 2008 02:41:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-2888

Summary

Multiple PHP remote file inclusion vulnerabilities in MiGCMS 2.0.5, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[application][app_root] parameter to (1) collection.class.php and (2) content_image.class.php in lib/obj/.

Vulnerable Systems

Application

  • Migcms 2.0.5


References

XF - migcms-globals-file-include(43250)

BID - 29874

MILW0RM - 5902

MILW0RM - 5901

SECUNIA - 30770


Last Updated: 27 May 2016 10:48:01