CVE-2008-5090

Electron Inc. Advanced Electron Forum before 1.0.7 allows remote attackers to execute arbitrary PHP code via PHP code embedded in bbcode in the email parameter, which is processed by the preg_replace function with the eval switch.

Configurations

Configuration 1

OR cpe:2.3:a:anelectron:advanced_electron_forum:*:*:*:*:*:*:*:*
cpe:2.3:a:anelectron:advanced_electron_forum:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:anelectron:advanced_electron_forum:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:anelectron:advanced_electron_forum:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:anelectron:advanced_electron_forum:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:anelectron:advanced_electron_forum:1.0.5:*:*:*:*:*:*:*

History

21 Nov 2024, 00:53

Type | Values Removed | Values Added
References | () http://secunia.com/advisories/31978 - Vendor Advisory | () http://secunia.com/advisories/31978 - Vendor Advisory
References | () http://securityreason.com/securityalert/4598 - | () http://securityreason.com/securityalert/4598 -
References | () http://www.anelectron.com/board/index.php?tid=3282 - Vendor Advisory | () http://www.anelectron.com/board/index.php?tid=3282 - Vendor Advisory
References | () http://www.gulftech.org/?node=research&article_id=00131-09202008 - | () http://www.gulftech.org/?node=research&article_id=00131-09202008 -
References | () http://www.securityfocus.com/archive/1/496552/100/0/threaded - | () http://www.securityfocus.com/archive/1/496552/100/0/threaded -
References | () http://www.securityfocus.com/bid/31268 - Exploit | () http://www.securityfocus.com/bid/31268 - Exploit
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/45270 - | () https://exchange.xforce.ibmcloud.com/vulnerabilities/45270 -
References | () https://www.exploit-db.com/exploits/6499 - | () https://www.exploit-db.com/exploits/6499 -

Information

Published : 2008-11-14 19:20

Updated : 2024-11-21 00:53


NVD link : CVE-2008-5090

Mitre link : CVE-2008-5090

CVE.ORG link : CVE-2008-5090


Products Affected

anelectron

  • advanced_electron_forum

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')