Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 9.3
CVE Id: CVE-2008-3922
Last Modified: 21 Sep 2011 10:58:09
Published: 04 Sep 2008 02:41:00
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2008-3922

Summary

awstatstotals.php in AWStats Totals 1.0 through 1.14 allows remote attackers to execute arbitrary code via PHP sequences in the sort parameter, which is used by the multisort function when dynamically creating an anonymous PHP function.

Vulnerable Systems

Application

  • Telartis Bv Awstats Totals 1.0

  • Telartis Bv Awstats Totals 1.1

  • Telartis Bv Awstats Totals 1.11

  • Telartis Bv Awstats Totals 1.13

  • Telartis Bv Awstats Totals 1.14


References

CONFIRM - http://www.telartis.nl/xcms/awstats/

XF - awstatstotals-multisort-command-execution(44712)

VUPEN - ADV-2008-2442

BID - 30856

BUGTRAQ - 20080826 Multiple Vulnerabilities in AWStats Totals

MILW0RM - 6368

EXPLOIT-DB - 17324

MISC - http://userwww.service.emory.edu/~ekenda2/EMORY-2008-01.txt

SREASON - 8259

SREASON - 4218

SECUNIA - 31630


Last Updated: 27 May 2016 10:48:20