Lucene search

MitreCVE-2008-1124

HistoryMar 03, 2008 - 10:44 p.m.

CVE-2008-1124

2008-03-0322:44:00

CWE-94

mitre

web.nvd.nist.gov

cve

php

remote file inclusion

podcast generator

vulnerability

nvd

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.6

Confidence

Low

EPSS

0.004

Percentile

74.7%

JSON

Multiple PHP remote file inclusion vulnerabilities in Podcast Generator 1.0 BETA 2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the absoluteurl parameter to (1) components/xmlparser/loadparser.php; (2) admin.php, (3) categories.php, (4) categories_add.php, (5) categories_remove.php, (6) edit.php, (7) editdel.php, (8) ftpfeature.php, (9) login.php, (10) pgRSSnews.php, (11) showcat.php, and (12) upload.php in core/admin/; and (13) archive_cat.php, (14) archive_nocat.php, and (15) recent_list.php in core/.

Affected configurations

Nvd

Node

podcast_generatorpodcast_generatorRange≤1.0beta_2

VendorProductVersionCPE
podcast_generatorpodcast_generator*cpe:2.3:a:podcast_generator:podcast_generator:*:beta_2:*:*:*:*:*:*

Vendor	Product	Version	CPE
podcast_generator	podcast_generator	*	cpe:2.3:a:podcast_generator:podcast_generator::beta_2::::::*

References

www.securityfocus.com/bid/28038

www.exploit-db.com/exploits/5200

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.6

Confidence

Low

EPSS

0.004

Percentile

74.7%

JSON

Related for CVE-2008-1124