Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 30/04/2008 Updated: 29/09/2017

CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8

VMScore: 405

Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

The AssignUser function in template.class.php in PHPizabi 0.848b C1 HFP3 performs unsafe macro expansions on strings delimited by '{' and '}' characters, which allows remote authenticated users to obtain sensitive information via a comment containing a macro, as demonstrated by a "{user.password}" comment in the profile of the admin user.

Vulnerable Product	Search on Vulmon	Subscribe to Product
phpizabi phpizabi 0.848b

-------------------------------------------------------- PHPizabi v0848b C1 HFP3 database information exposure -------------------------------------------------------- * I would like to state that I am in no way responsible for how this information is used It is just that, information and is provided for informational purposes only* An exp ...

CWE-200 http://www.securityfocus.com/bid/28954 https://exchange.xforce.ibmcloud.com/vulnerabilities/42143 https://www.exploit-db.com/exploits/5506 https://nvd.nist.gov https://www.exploit-db.com/exploits/5506/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2008-2018

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect