Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 10.0
CVE Id: CVE-2008-5090
Last Modified: 29 Jan 2009 01:58:15
Published: 14 Nov 2008 02:20:53
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2008-5090

Summary

Electron Inc. Advanced Electron Forum before 1.0.7 allows remote attackers to execute arbitrary PHP code via PHP code embedded in bbcode in the email parameter, which is processed by the preg_replace function with the eval switch.

Vulnerable Systems

Application

  • Anelectron Advanced Electron Forum 1.0.1

  • Anelectron Advanced Electron Forum 1.0.2

  • Anelectron Advanced Electron Forum 1.0.3

  • Anelectron Advanced Electron Forum 1.0.4

  • Anelectron Advanced Electron Forum 1.0.5

  • Anelectron Advanced Electron Forum 1.0.6


References

XF - aef-pregreplace-code-execution(45270)

BID - 31268

BUGTRAQ - 20080920 Advanced Electron Forum <= 1.0.6 Remote Code Execution

MILW0RM - 6499

MISC - http://www.gulftech.org/?node=research&article_id=00131-09202008

CONFIRM - http://www.anelectron.com/board/index.php?tid=3282

SREASON - 4598

SECUNIA - 31978


Last Updated: 27 May 2016 10:48:42