CVE

Id
32762  
CVE No.
CVE-2008-2645  
Status
Candidate  
Description
Multiple PHP remote file inclusion vulnerabilities in Brim (formerly Booby) 1.0.1 allow remote attackers to execute arbitrary PHP code via a URL in the renderer parameter to template.tpl.php in (1) barrel/, (2) barry/, (3) mylook/, (4) oerdec/, (5) penguin/, (6) sidebar/, (7) slashdot/, and (8) text-only/ in templates/. NOTE: this can also be leveraged to include and execute arbitrary local files via directory traversal sequences.  
Phase
Assigned (20080610)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
354560 32762 CVE-2008-2645 MILW0RM:5722  View
354561 32762 CVE-2008-2645 URL:http://www.milw0rm.com/exploits/5722  View
354562 32762 CVE-2008-2645 BID:29469  View
354563 32762 CVE-2008-2645 URL:http://www.securityfocus.com/bid/29469  View
354564 32762 CVE-2008-2645 VUPEN:ADV-2008-1718  View
354565 32762 CVE-2008-2645 URL:http://www.vupen.com/english/advisories/2008/1718/references  View
354566 32762 CVE-2008-2645 XF:booby-renderer-file-include(42784)  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
47836 JVNDB-2008-003146 DesktopOnNet における PHP リモートファイルインクルージョンの脆弱性 DesktopOnNet には、PHP リモートファイルインクルージョンの脆弱性が存在します。 CVE-2008-2649 32762 7.5 http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-003146.html  View