Published: 14/11/2008 Updated: 11/10/2018

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

VMScore: 1000

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Electron Inc. Advanced Electron Forum prior to 1.0.7 allows remote malicious users to execute arbitrary PHP code via PHP code embedded in bbcode in the email parameter, which is processed by the preg_replace function with the eval switch.

Vulnerable Product	Search on Vulmon	Subscribe to Product
anelectron advanced electron forum 1.0.2
anelectron advanced electron forum 1.0.1
anelectron advanced electron forum 1.0.4
anelectron advanced electron forum 1.0.3
anelectron advanced electron forum
anelectron advanced electron forum 1.0.5

########################################################## # GulfTech Security Research September 20, 2008 ########################################################## # Vendor : Electron Inc # URL : wwwanelectroncom/ # Version : AEF Forum <= 106 # Risk : Remote Code Execution ################################################# ...

CWE-94 http://www.gulftech.org/?node=research&article_id=00131-09202008 http://secunia.com/advisories/31978 http://www.securityfocus.com/bid/31268 http://www.anelectron.com/board/index.php?tid=3282 http://securityreason.com/securityalert/4598 https://exchange.xforce.ibmcloud.com/vulnerabilities/45270 https://www.exploit-db.com/exploits/6499 http://www.securityfocus.com/archive/1/496552/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/6499/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2008-5090

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect