9.3
CVSSv2

CVE-2008-3239

Published: 21/07/2008 Updated: 29/09/2017
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 935
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

Unrestricted file upload vulnerability in the writeLogEntry function in system/v_cron_proc.php in PHPizabi 0.848b C1 HFP1, when register_globals is enabled, allows remote malicious users to upload and execute arbitrary code via a filename in the CONF[CRON_LOGFILE] parameter and file contents in the CONF[LOCALE_LONG_DATE_TIME] parameter.

Vulnerable Product

phpizabi phpizabi 0.848b

Exploits

#!/usr/bin/perl
#inphex
#PHPizabi v0.848b C1 HFP1 Remote Code Execution
#wwwdz-securecom/tools/1/WebESploitpltxt
#if you are seeking for a partner to work on some project(s) just send an email inphex0 [ at ] gmail [ dot ] com
#system/v_cron_proc.php
# if (!function_exists("writeLogEntry")) {
# function writeLogEntry($data) {
# global ...
PHPizabi version 0.848b C1 HFP1-3 remote command execution exploit ...