Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.5
CVE Id: CVE-2008-4529
Last Modified: 07 Mar 2011 10:12:36
Published: 09 Oct 2008 02:14:15
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2008-4529

Summary

Multiple PHP remote file inclusion vulnerabilities in asiCMS alpha 0.208 allow remote attackers to execute arbitrary PHP code via a URL in the _ENV[asicms][path] parameter to (1) Association.php, (2) BigMath.php, (3) DiffieHellman.php, (4) DumbStore.php, (5) Extension.php, (6) FileStore.php, (7) HMAC.php, (8) MemcachedStore.php, (9) Message.php, (10) Nonce.php, (11) SQLStore.php, (12) SReg.php, (13) TrustRoot.php, and (14) URINorm.php in classes/Auth/OpenID/; and (15) XRDS.php, (16) XRI.php and (17) XRIRes.php in classes/Auth/Yadis/.

Vulnerable Systems

Application

  • Asicms 0.208


References

XF - asicms-envasicmspath-file-include(45684)

VUPEN - ADV-2008-2755

BID - 31601

MILW0RM - 6685

SREASON - 4391


Last Updated: 27 May 2016 10:48:32