CVE-2008-2638

{"id": "CVE-2008-2638", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2008-06-10T00:32:00.000", "references": [{"url": "http://1scripts.net/php-scripts/index.php?p=16", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/30146", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2008/1735/references", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42854", "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/5736", "source": "cve@mitre.org"}, {"url": "http://1scripts.net/php-scripts/index.php?p=16", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/30146", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2008/1735/references", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42854", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.exploit-db.com/exploits/5736", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "Static code injection vulnerability in guestbook.php in 1Book 1.0.1 and earlier allows remote attackers to upload arbitrary PHP code via the message parameter in an HTML webform, which is written to data.php."}, {"lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n de c\u00f3digo est\u00e1tico en guestbook.php de 1Book 1.0.1 y versiones anteriores permite a atacantes remotos subir c\u00f3digo PHP de su elecci\u00f3n a trav\u00e9s del par\u00e1metro message en un formulario web HTML, lo cual est\u00e1 escrito en data.php."}], "lastModified": "2024-11-21T00:47:21.383", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:1-script:1-book:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E74E2420-6FD3-420A-AC12-E98F545B068A", "versionEndIncluding": "1.0.1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}