CVE

Id
36661  
CVE No.
CVE-2008-6544  
Status
Candidate  
Description
** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in Simple Machines Forum (SMF) 1.1.4 allow remote attackers to execute arbitrary PHP code via a URL in the (1) settings[default_theme_dir] parameter to Sources/Subs-Graphics.php and (2) settings[default_theme_dir] parameter to Sources/Themes.php. NOTE: CVE and multiple third parties dispute this issue because the files contain a protection mechanism against direct request.  
Phase
Assigned (20090329)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
399791 36661 CVE-2008-6544 FULLDISC:20080328 Re: Smf 1.1.4 Remote File Inclusion Vulnerabilities  View
399792 36661 CVE-2008-6544 URL:http://archives.neohapsis.com/archives/bugtraq/2008-03/0425.html  View
399793 36661 CVE-2008-6544 FULLDISC:20080328 Re: Smf 1.1.4 Remote File Inclusion Vulnerabilities  View
399794 36661 CVE-2008-6544 URL:http://archives.neohapsis.com/archives/bugtraq/2008-03/0431.html  View
399795 36661 CVE-2008-6544 FULLDISC:20080328 Smf 1.1.4 Remote File Inclusion Vulnerabilities  View
399796 36661 CVE-2008-6544 URL:http://archives.neohapsis.com/archives/bugtraq/2008-03/0426.html  View
399797 36661 CVE-2008-6544 BID:28493  View
399798 36661 CVE-2008-6544 URL:http://www.securityfocus.com/bid/28493  View
399799 36661 CVE-2008-6544 OSVDB:51301  View
399800 36661 CVE-2008-6544 URL:http://osvdb.org/51301  View
399801 36661 CVE-2008-6544 XF:smf-subsgraphics-themes-file-include(41518)  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
49925 JVNDB-2008-005235 MoinMoin の parser/text_rst.py における不正なインクルードファイルを読まれる脆弱性 MoinMoin の rst parser (parser/text_rst.py) は、インクルードされたページの ACL をチェックしないため、不正なインクルードファイルを読まれる脆弱性が存在します。 CVE-2008-6548 36661 5 http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-005235.html  View