Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-6983

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2008-6983
Last Modified 21 Aug 2009 12:00:00
Published 19 Aug 2009 01:24:52
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-6983

Summary

modules/tool/hitcounter.php in devalcms 1.4a allows remote attackers to execute arbitrary PHP code via the HTTP Referer header with a target file specified in the gv_folder_data parameter, as demonstrated by modifying modules/tool/url2header.php.

Vulnerable Systems

Application

  • Devalcms 1.4a


References

XF - devalcms-url2header-code-execution(44942)

BID - 31037

OSVDB - 47972


Last Updated: 27 May 2016 10:49:25