Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-6761

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2008-6761
Last Modified 28 Apr 2009 12:00:00
Published 28 Apr 2009 12:30:03
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-6761

Summary

Static code injection vulnerability in admin/install.php in Flexcustomer 0.0.6 might allow remote attackers to inject arbitrary PHP code into const.inc.php via the installdbname parameter (aka the Database Name field). NOTE: the installation instructions specify deleting admin/install.php.

Vulnerable Systems

Application

  • China-on-site Flexcustomer0.0.6


References

XF - flexcustomer-install-code-execution(47652)

MILW0RM - 7622


Last Updated: 27 May 2016 10:49:20