CVE Vulnerability

CVE-2008-5332

Multiple PHP remote file inclusion vulnerabilities in Pie 0.5.3 allow remote attackers to execute arbitrary PHP code via a URL in the (1) lib parameter to files in lib/action/ including (a) alias.php, (b) cancel.php, (c) context.php, (d) deadlinks.php, (e) delete.php, and others; and the (2) GLOBALS[pie][library_path] parameter to files in lib/share/ including (f) diff.php, (g) file.php, (h) locale.php, (i) mapfile.php, (j) page.php, and others.

10 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 10

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Scope

References
Link Resource
http://www.securityfocus.com/bid/32455
http://securityreason.com/securityalert/4687
https://exchange.xforce.ibmcloud.com/vulnerabilities/46819
https://www.exploit-db.com/exploits/7221
Configurations

Configuration 1

cpe:2.3:a:pie:pie:0.5.3:*:*:*:*:*:*:*
Information

Published : 2008-12-05 01:30

Updated : 2017-09-29 01:32

NVD link : CVE-2008-5332

Mitre link : CVE-2008-5332

Products Affected
No products.
CWE
CWE-94