Lucene search
MitreCVE-2008-6761HistoryApr 28, 2009 - 4:30 p.m.
CVE-2008-6761
2009-04-2816:30:03
CWE-94
mitre
web.nvd.nist.gov
27
cve-2008-6761
static code injection
flexcustomer 0.0.6
remote attackers
php code
database name
vulnerability
CVSS2
10
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
AI Score
7.5
Confidence
Low
EPSS
0.003
Percentile
71.9%
Static code injection vulnerability in admin/install.php in Flexcustomer 0.0.6 might allow remote attackers to inject arbitrary PHP code into const.inc.php via the installdbname parameter (aka the Database Name field). NOTE: the installation instructions specify deleting admin/install.php.
Affected configurations
Node
china-on-siteflexcustomer0.0.6
| Vendor | Product | Version | CPE |
|---|---|---|---|
| china-on-site | flexcustomer0.0.6 | * | cpe:2.3:a:china-on-site:flexcustomer0.0.6:*:*:*:*:*:*:*:* |
Related
prion
prion
Code injection
2009-04-28 16:30:00
cvelist
cvelist
CVE-2008-6761
2009-04-28 16:00:00
exploitdb
exploitdb
Flexcustomer 0.0.6 - Admin Authentication Bypass / Possible PHP Code Writing
2008-12-29 00:00:00
nvd
nvd
CVE-2008-6761
2009-04-28 16:30:03
CVSS2
10
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
AI Score
7.5
Confidence
Low
EPSS
0.003
Percentile
71.9%
Related for CVE-2008-6761