6.8
CVE-2008-3763
- EPSS 2.58%
- Veröffentlicht 21.08.2008 17:41:00
- Zuletzt bearbeitet 16.06.2026 22:56:29
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginVariable overwrite vulnerability in libsecure.php in Turnkey PHP Live Helper 2.0.1 and earlier, when register_globals is enabled, allows remote attackers to overwrite arbitrary variables related to the db config file. NOTE: this can be leveraged for code injection by overwriting the language file.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Turnkeywebtools ≫ Php Live Helper Version <= 2.0.1
Turnkeywebtools ≫ Php Live Helper Version2.0
Turnkeywebtools ≫ Php Live Helper Version2.0 Updatebeta_1
Turnkeywebtools ≫ Php Live Helper Version2.0 Updatebeta_2
Turnkeywebtools ≫ Php Live Helper Version2.0 Updatebeta_3
Turnkeywebtools ≫ Php Live Helper Version2.0 Updatebeta_4
Turnkeywebtools ≫ Php Live Helper Version2.0 Updatebeta_5
Turnkeywebtools ≫ Php Live Helper Version2.0 Updatebeta_6
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.58% | 0.832 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://secunia.com/advisories/31521
http://securityreason.com/securityalert/4178
http://www.gulftech.org/?node=research&article_id=00124-08162008
http://www.securityfocus.com/archive/1/495542/100/0/threaded
http://www.securityfocus.com/bid/30729
https://www.exploit-db.com/exploits/6261
http://demos.turnkeywebtools.com/phplivehelper/docs/change_log.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/44570