10

CVE-2008-5619

Exploit
html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMailer before 5.2.10, RoundCube Webmail (roundcubemail) 0.2-1.alpha and 0.2-3.beta, Mahara, and AtMail Open 1.03, allows remote attackers to execute arbitrary code via crafted input that is processed by the preg_replace function with the eval switch.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
RoundcubeWebmail Version0.2.1 Updatealpha
RoundcubeWebmail Version0.2.3 Updatebeta
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 54% 0.989
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

http://mahara.org/interaction/forum/topic.php?id=533
http://osvdb.org/53893
http://secunia.com/advisories/33145
http://secunia.com/advisories/33170
Vendor Advisory
http://secunia.com/advisories/34789
http://sourceforge.net/forum/forum.php?forum_id=898542
Vendor Advisory
http://trac.roundcube.net/changeset/2148
Exploit
http://trac.roundcube.net/ticket/1485618
Exploit
http://www.openwall.com/lists/oss-security/2008/12/12/1
http://www.securityfocus.com/archive/1/499489/100/0/threaded
http://www.vupen.com/english/advisories/2008/3418
http://www.vupen.com/english/advisories/2008/3419
https://github.com/PHPMailer/PHPMailer/commit/8beacc646acb67c995aea10ac5585970efc7355a
https://www.exploit-db.com/exploits/7549
https://www.exploit-db.com/exploits/7553
https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00783.html
https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00802.html