CVE-2008-5090
Published Nov 14, 2008
Last updated 6 years ago
Overview
- Description
- Electron Inc. Advanced Electron Forum before 1.0.7 allows remote attackers to execute arbitrary PHP code via PHP code embedded in bbcode in the email parameter, which is processed by the preg_replace function with the eval switch.
- Source
- cve@mitre.org
- NVD status
- Modified
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 10
- Impact score
- 10
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:C/I:C/A:C
Weaknesses
- nvd@nist.gov
- CWE-94
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:anelectron:advanced_electron_forum:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "346A0065-57B5-44C8-9A0D-B681B653935A",
"versionEndIncluding": "1.0.6"
},
{
"criteria": "cpe:2.3:a:anelectron:advanced_electron_forum:1.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "68188511-BA5A-454A-8959-A754AA7147BA"
},
{
"criteria": "cpe:2.3:a:anelectron:advanced_electron_forum:1.0.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "39DBB3C6-A59B-46E8-AE2E-B4F90B4327E7"
},
{
"criteria": "cpe:2.3:a:anelectron:advanced_electron_forum:1.0.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B729A246-6642-44BD-8842-B676E6F9D0D1"
},
{
"criteria": "cpe:2.3:a:anelectron:advanced_electron_forum:1.0.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "938E89B8-C921-44B5-B97F-D756CC5607C9"
},
{
"criteria": "cpe:2.3:a:anelectron:advanced_electron_forum:1.0.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D35C1FAF-9F98-42A0-B457-E5949AEA8864"
}
],
"operator": "OR"
}
]
}
]