CVE-2008-5922 - OpenCVE

Multiple PHP remote file inclusion vulnerabilities in themes/default/index.php in Cant Find A Gaming CMS (CFAGCMS) 1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) main and (2) right parameters.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Cfagcms	Cfagcms

Configuration 1 [-]

cpe:2.3:a:cfagcms:cfagcms:1.0:beta_1:*:*:*:*:*:*

References

Link	Resource
http://securityreason.com/securityalert/4926
http://www.bugreport.ir/index_58.htm
http://www.securityfocus.com/archive/1/499213/100/0/threaded
http://www.securityfocus.com/bid/32817	Exploit
https://www.exploit-db.com/exploits/7459

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2009-01-21T18:00:00

Updated: 2018-10-11T19:57:01

Reserved: 2009-01-21T00:00:00

Link: CVE-2008-5922

JSON object: View

NVD Information

Status : Modified

Published: 2009-01-21T18:30:00.343

Modified: 2018-10-11T20:56:49.933

Link: CVE-2008-5922

JSON object: View

Redhat Information

No data.

CWE

CWE-94

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-12-14T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple PHP remote file inclusion vulnerabilities in themes/default/index.php in Cant Find A Gaming CMS (CFAGCMS) 1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) main and (2) right parameters."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.bugreport.ir/index_58.htm"}, {"name": "32817", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/32817"}, {"name": "7459", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/7459"}, {"name": "4926", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/4926"}, {"name": "20081214 CFAGCMS Remote File Inclusion", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/499213/100/0/threaded"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-5922", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple PHP remote file inclusion vulnerabilities in themes/default/index.php in Cant Find A Gaming CMS (CFAGCMS) 1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) main and (2) right parameters."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.bugreport.ir/index_58.htm", "refsource": "MISC", "url": "http://www.bugreport.ir/index_58.htm"}, {"name": "32817", "refsource": "BID", "url": "http://www.securityfocus.com/bid/32817"}, {"name": "7459", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/7459"}, {"name": "4926", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/4926"}, {"name": "20081214 CFAGCMS Remote File Inclusion", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/499213/100/0/threaded"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-5922", "datePublished": "2009-01-21T18:00:00", "dateReserved": "2009-01-21T00:00:00", "dateUpdated": "2018-10-11T19:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}