Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-5332

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2008-5332
Last Modified 19 Aug 2009 01:21:39
Published 04 Dec 2008 08:30:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-5332

Summary

Multiple PHP remote file inclusion vulnerabilities in Pie 0.5.3 allow remote attackers to execute arbitrary PHP code via a URL in the (1) lib parameter to files in lib/action/ including (a) alias.php, (b) cancel.php, (c) context.php, (d) deadlinks.php, (e) delete.php, and others; and the (2) GLOBALS[pie][library_path] parameter to files in lib/share/ including (f) diff.php, (g) file.php, (h) locale.php, (i) mapfile.php, (j) page.php, and others.

Vulnerable Systems

Application

  • Pie 0.5.3


References

XF - pie-multiple-file-include(46819)

BID - 32455

MILW0RM - 7221

SREASON - 4687


Last Updated: 27 May 2016 10:48:46