Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-6999

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2008-6999
Last Modified 19 Aug 2009 12:00:00
Published 19 Aug 2009 01:24:52
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-6999

Summary

phpAuction 3.2, and possibly 3.3.0 GPL Basic edition, allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function.

Vulnerable Systems

Application

  • Phpauction 3.2

  • Phpauction 3.3.0


References

XF - phpauction-phpinfo-information-disclosure(44936)

SECUNIA - 31803

MISC - http://packetstorm.linuxsecurity.com/0809-exploits/phpauction32-rfi.txt

OSVDB - 47939


Last Updated: 27 May 2016 10:49:25