CVE Vulnerability

CVE-2008-4529

Multiple PHP remote file inclusion vulnerabilities in asiCMS alpha 0.208 allow remote attackers to execute arbitrary PHP code via a URL in the _ENV[asicms][path] parameter to (1) Association.php, (2) BigMath.php, (3) DiffieHellman.php, (4) DumbStore.php, (5) Extension.php, (6) FileStore.php, (7) HMAC.php, (8) MemcachedStore.php, (9) Message.php, (10) Nonce.php, (11) SQLStore.php, (12) SReg.php, (13) TrustRoot.php, and (14) URINorm.php in classes/Auth/OpenID/; and (15) XRDS.php, (16) XRI.php and (17) XRIRes.php in classes/Auth/Yadis/.

7.5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 6.4

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

Scope

References
Link Resource
http://www.securityfocus.com/bid/31601 Exploit
http://securityreason.com/securityalert/4391
http://www.vupen.com/english/advisories/2008/2755
https://exchange.xforce.ibmcloud.com/vulnerabilities/45684
https://www.exploit-db.com/exploits/6685
Configurations

Configuration 1

cpe:2.3:a:asicms:asicms:0.208:alpha:*:*:*:*:*:*
Information

Published : 2008-10-09 06:14

Updated : 2017-09-29 01:32

NVD link : CVE-2008-4529

Mitre link : CVE-2008-4529

Products Affected
No products.
CWE
CWE-94