Electron Inc. Advanced Electron Forum before 1.0.7 allows remote attackers to execute arbitrary PHP code via PHP code embedded in bbcode in the email parameter, which is processed by the preg_replace function with the eval switch.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 00:53
Type | Values Removed | Values Added |
---|---|---|
References | () http://secunia.com/advisories/31978 - Vendor Advisory | |
References | () http://securityreason.com/securityalert/4598 - | |
References | () http://www.anelectron.com/board/index.php?tid=3282 - Vendor Advisory | |
References | () http://www.gulftech.org/?node=research&article_id=00131-09202008 - | |
References | () http://www.securityfocus.com/archive/1/496552/100/0/threaded - | |
References | () http://www.securityfocus.com/bid/31268 - Exploit | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/45270 - | |
References | () https://www.exploit-db.com/exploits/6499 - |
Information
Published : 2008-11-14 19:20
Updated : 2024-11-21 00:53
NVD link : CVE-2008-5090
Mitre link : CVE-2008-5090
CVE.ORG link : CVE-2008-5090
JSON object : View
Products Affected
anelectron
- advanced_electron_forum
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')