CVE-2008-6036
Published Feb 3, 2009
Last updated 7 years ago
Overview
- Description
- PHP remote file inclusion vulnerability in main.inc.php in BaseBuilder 2.0.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mj_config[src_path] parameter.
- Source
- cve@mitre.org
- NVD status
- Modified
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-94
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:basebuilder:basebuilder:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "51CDA702-D235-4802-8638-D8A366302B4B",
"versionEndIncluding": "2.0.1"
},
{
"criteria": "cpe:2.3:a:basebuilder:basebuilder:1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B2C18FC7-5183-437D-A160-84265D57A564"
},
{
"criteria": "cpe:2.3:a:basebuilder:basebuilder:1.0:rc1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8B5CEA2B-B603-42F8-B983-C5B827C86DC5"
},
{
"criteria": "cpe:2.3:a:basebuilder:basebuilder:1.0:rc3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C3FB618B-462B-43E5-9271-871E78210A62"
},
{
"criteria": "cpe:2.3:a:basebuilder:basebuilder:1.0.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DFD08F66-D9AB-427E-9CE0-C01CAC9838F0"
},
{
"criteria": "cpe:2.3:a:basebuilder:basebuilder:2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C43BEC12-136F-4074-B9EF-E0E1146D3516"
},
{
"criteria": "cpe:2.3:a:basebuilder:basebuilder:2.0:alpha:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "41CFA8C7-B840-4112-BD57-81C6C3DC0153"
},
{
"criteria": "cpe:2.3:a:basebuilder:basebuilder:2.0:beta:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "42B97562-3B81-4867-8EA1-3CA1A68111D6"
}
],
"operator": "OR"
}
]
}
]