Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-6983


Vulnerability Score 7.5 7.5
CVE Id CVE-2008-6983
Last Modified 21 Aug 2009 12:00:00
Published 19 Aug 2009 01:24:52
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



modules/tool/hitcounter.php in devalcms 1.4a allows remote attackers to execute arbitrary PHP code via the HTTP Referer header with a target file specified in the gv_folder_data parameter, as demonstrated by modifying modules/tool/url2header.php.

Vulnerable Systems


  • Devalcms 1.4a


XF - devalcms-url2header-code-execution(44942)

BID - 31037

OSVDB - 47972

Last Updated: 27 May 2016 10:49:25