Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-6958

Overview

Vulnerability Score 6.5 6.5
CVE Id CVE-2008-6958
Last Modified 18 Aug 2009 12:00:00
Published 12 Aug 2009 06:30:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2008-6958

Summary

wap/index.php in Crossday Discuz! Board 6.x and 7.x allows remote authenticated users to execute arbitrary PHP code via the creditsformula parameter.

Vulnerable Systems

Application

  • Comsenz Crossday Discuz%21 Board 6.0.1

  • Comsenz Crossday Discuz%21 Board 7.0


References

XF - discuz-index-code-execution(46644)

BID - 32303

MILW0RM - 7119

MISC - http://www.discuz.net/archiver/?tid-1112426.html

MISC - http://www.80vul.com/dzvul/sodb/13/dz-exp-sodb-2008-13_php.htm

SECUNIA - 32731

OSVDB - 50202


Last Updated: 27 May 2016 10:49:24