Published: 09/10/2008 Updated: 29/09/2017

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

VMScore: 1000

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Multiple PHP remote file inclusion vulnerabilities in DataFeedFile (DFF) PHP Framework API allow remote malicious users to execute arbitrary PHP code via a URL in the DFF_config[dir_include] parameter to (1) DFF_affiliate_client_API.php, (2) DFF_featured_prdt.func.php, (3) DFF_mer.func.php, (4) DFF_mer_prdt.func.php, (5) DFF_paging.func.php, (6) DFF_rss.func.php, and (7) DFF_sku.func.php in include/.

Vulnerable Product	Search on Vulmon	Subscribe to Product
datafeedfile dff framework api

# DFF PHP Framework API (Data Feed File) Multiple Inclusion Vulnerabilities # Script :opensourcedatafeedfilecom/download/DFF_PHP_FrameworkAPI-latestzip # Exploits : # /DFF_PHP_FrameworkAPI-latest/include/DFF_affiliate_client_APIphp?DFF_config[dir_include]= # /DFF_PHP_FrameworkAPI-latest/include/DFF_featured_prdtfuncphp? ...

CWE-94 http://securityreason.com/securityalert/4370 http://secunia.com/advisories/32166 http://www.securityfocus.com/bid/31644 https://exchange.xforce.ibmcloud.com/vulnerabilities/45764 https://www.exploit-db.com/exploits/6700 https://nvd.nist.gov https://www.exploit-db.com/exploits/6700/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2008-4502

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect