9.3
CVE-2008-3922
- EPSS 53.2%
- Veröffentlicht 04.09.2008 18:41:00
- Zuletzt bearbeitet 16.06.2026 22:56:49
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Loginawstatstotals.php in AWStats Totals 1.0 through 1.14 allows remote attackers to execute arbitrary code via PHP sequences in the sort parameter, which is used by the multisort function when dynamically creating an anonymous PHP function.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Telartis Bv ≫ Awstats Totals Version1.0
Telartis Bv ≫ Awstats Totals Version1.1
Telartis Bv ≫ Awstats Totals Version1.11
Telartis Bv ≫ Awstats Totals Version1.13
Telartis Bv ≫ Awstats Totals Version1.14
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 53.2% | 0.988 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.3 | 8.6 | 10 |
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
CWE-94 Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
http://secunia.com/advisories/31630
http://securityreason.com/securityalert/4218
http://userwww.service.emory.edu/~ekenda2/EMORY-2008-01.txt
http://www.securityfocus.com/archive/1/495770/100/0/threaded
http://www.telartis.nl/xcms/awstats/
http://www.vupen.com/english/advisories/2008/2442
http://securityreason.com/securityalert/8259
http://www.exploit-db.com/exploits/17324
http://www.securityfocus.com/bid/30856
https://exchange.xforce.ibmcloud.com/vulnerabilities/44712
https://www.exploit-db.com/exploits/6368