Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-4439

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2008-4439
Last Modified 06 Oct 2009 12:00:00
Published 03 Oct 2008 06:22:45
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-4439

Summary

PHP remote file inclusion vulnerability in admin/bin/patch.php in MartinWood Datafeed Studio before 1.6.3 allows remote attackers to execute arbitrary PHP code via a URL in the INSTALL_FOLDER parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Vulnerable Systems

Application

  • Martinwood Datafeed Studio 1.6.2


References

XF - datafeedstudio-patch-file-include(44420)

MISC - http://www.securityfocus.com/bid/30659/exploit

BID - 30659

CONFIRM - http://blog.datafeedstudio.com/datafeed-studio-v163-released


Last Updated: 27 May 2016 10:48:30