Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 9.0
CVE Id: CVE-2008-4645
Last Modified: 29 Jan 2009 01:57:04
Published: 21 Oct 2008 08:11:50
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE_INSTANCE

CVE-2008-4645

Summary

plugins/event_tracer/event_list.php in PhpWebGallery 1.7.2 and earlier allows remote authenticated administrators to execute arbitrary PHP code via PHP sequences in the sort parameter, which is processed by create_function.

Vulnerable Systems

Application

  • Phpwebgallery 1.0

  • Phpwebgallery 1.1

  • Phpwebgallery 1.2.1

  • Phpwebgallery 1.3.0

  • Phpwebgallery 1.3.1

  • Phpwebgallery 1.3.2

  • Phpwebgallery 1.3.3

  • Phpwebgallery 1.3.4

  • Phpwebgallery 1.4.0

  • Phpwebgallery 1.4.1

  • Phpwebgallery 1.5.0

  • Phpwebgallery 1.5.1

  • Phpwebgallery 1.5.2

  • Phpwebgallery 1.6.0

  • Phpwebgallery 1.6.1

  • Phpwebgallery 1.6.2

  • Phpwebgallery 1.7.0

  • Phpwebgallery 1.7.1

  • Phpwebgallery 1.7.2


References

BID - 31762

XF - phpwebgallery-createfunction-code-execution(45875)

MILW0RM - 6755

SREASON - 4456


Last Updated: 27 May 2016 10:48:34