• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-152

CVE-2008-2018

February 26, 2023 by

The AssignUser function in template.class.php in PHPizabi 0.848b C1 HFP3 performs unsafe macro expansions on strings delimited by ‘{‘ and ‘}’ characters, which allows remote authenticated users to obtain sensitive information via a comment containing a macro, as demonstrated by a “{user.password}” comment in the profile of the admin user.

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE