Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-6138


Vulnerability Score 7.5 7.5
CVE Id CVE-2008-6138
Last Modified 19 Aug 2009 01:23:11
Published 13 Feb 2009 09:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



PHP remote file inclusion vulnerability in adminhead.php in WebBiscuits Modules Controller 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter.

Vulnerable Systems


  • Webbiscuits Modules Controller 1.1


XF - modulescontroller-adminhead-file-include(45771)

BID - 31655

MILW0RM - 6703

Last Updated: 27 May 2016 10:49:04