Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 10.0
CVE Id: CVE-2008-5060
Last Modified: 29 Jan 2009 01:58:10
Published: 13 Nov 2008 06:30:01
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2008-5060

Summary

Multiple PHP remote file inclusion vulnerabilities in ModernBill 4.4 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the DIR parameter to (1) export_batch.inc.php, (2) run_auto_suspend.cron.php, and (3) send_email_cache.php in include/scripts/; (4) include/misc/mod_2checkout/2checkout_return.inc.php; and (5) include/html/nettools.popup.php, different vectors than CVE-2006-4034 and CVE-2005-1054.

Vulnerable Systems

Application

  • Modernbill 2.01

  • Modernbill 2.02s

  • Modernbill 3.0

  • Modernbill 3.1.0

  • Modernbill 3.1.3

  • Modernbill 4.0.1

  • Modernbill 4.0.2

  • Modernbill 4.1.1

  • Modernbill 4.1.2

  • Modernbill 4.1.3

  • Modernbill 4.2.1

  • Modernbill 4.3.0

  • Modernbill 4.3.2

  • Modernbill 4.4

  • Modernbill 4.4.0


References

XF - modernbill-dir-file-include(46513)

MILW0RM - 6916

SREASON - 4587

SECUNIA - 32529


Last Updated: 27 May 2016 10:48:42