NVD

Id
2009  
Name
CVE-2008-2074  
Description
Multiple PHP remote file inclusion vulnerabilities Harris Yusuf Arifin Harris Wap Chat 1.0, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the sysFileDir parameter to (1) eng.writeMsg.php, (2) eng.adCreate.php, (3) eng.adCreateSave.php, (4) eng.adDispByTypeOptions.php, (5) eng.createRoom.php, (6) eng.forward.php, (7) eng.pageLogout.php, (8) eng.resultMember.php, (9) eng.roomDeleteConfirm.php, (10) eng.saveNewRoom.php, and (11) eng.searchMember.php in src/.  
Reject
 
CVSS Version
2  
CVSS Score
7.5  
Severity
High  
CVSS Base Score
7.5  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-03  
Published
2008-05-05  
Modified Date
2008-09-05  
Seq
2008-2074  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
12891 2009 CVE-2008-2074 5525  View
12892 2009 CVE-2008-2074 28995  View
12893 2009 CVE-2008-2074 harriswapchat-sysfiledir-file-include(42112)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
50437 JVNDB-2008-005747 Harris Yusuf Arifin Harris Wap Chat における PHP リモートファイルインクルージョンの脆弱性 Harris Yusuf Arifin Harris Wap Chat には、register_globals が有効になっている際、PHP リモートファイルインクルージョンの脆弱性が存在します。 CVE-2008-2074 32187 CVE-2008-2074 2009 7.5 http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-005747.html 2008-05-05 2012-12-20 View