Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.8
CVSSv2

CVE-2008-6840

Published: 01/07/2009 Updated: 17/08/2017
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 745
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Christof Bruyland

Vulnerability Summary

Multiple PHP remote file inclusion vulnerabilities in V-webmail 1.6.4 allow remote malicious users to execute arbitrary PHP code via a URL in the (1) CONFIG[pear_dir] parameter to (a) Mail/RFC822.php, (b) Net/Socket.php, (c) XML/Parser.php, (d) XML/Tree.php, (e) Mail/mimeDecode.php, (f) Console/Getopt.php, (g) System.php, (h) Log.php, and (i) File.php in includes/pear/; the CONFIG[pear_dir] parameter to (j) includes/prepend.php, and (k) includes/cachedConfig.php; and the (2) CONFIG[includes] parameter to (l) prepend.php and (m) email.list.search.php in includes/. NOTE: the CONFIG[pear_dir] parameter to includes/mailaccess/pop3.php is already covered by CVE-2006-2666.

Vulnerable Product Search on Vulmon Subscribe to Product

christof bruyland v-webmail 1.6.4

Exploits

Exploit DB: V-Webmail 1.6.4 - '/includes/pear/Mail/RFC822.php?CONFIG[pear_dir]' Remote File Inclusion
source: wwwsecurityfocuscom/bid/30162/info V-webmail is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data Exploiting these issues can allow an attacker to compromise the application and the underlying system; other attacks are also possible V-webmail 164 is vulnerable; ...
Exploit DB: V-Webmail 1.6.4 - '/includes/cachedConfig.php?CONFIG[pear_dir]' Remote File Inclusion
source: wwwsecurityfocuscom/bid/30162/info V-webmail is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data Exploiting these issues can allow an attacker to compromise the application and the underlying system; other attacks are also possible ...
Exploit DB: V-Webmail 1.6.4 - '/includes/pear/Log.php?CONFIG[pear_dir]' Remote File Inclusion
source: wwwsecurityfocuscom/bid/30162/info V-webmail is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data Exploiting these issues can allow an attacker to compromise the application and the underlying system; other attacks are also possible V-webmail ...
Exploit DB: V-Webmail 1.6.4 - '/includes/prepend.php?CONFIG[includes]' Remote File Inclusion
source: wwwsecurityfocuscom/bid/30162/info V-webmail is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data Exploiting these issues can allow an attacker to compromise the application and the underlying system; other attacks are also possible ...
Exploit DB: V-Webmail 1.6.4 - '/includes/pear/Console/Getopt.php?CONFIG[pear_dir]' Remote File Inclusion
source: wwwsecurityfocuscom/bid/30162/info V-webmail is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data Exploiting these issues can allow an attacker to compromise the application and the underlying system; other attacks are also possible V-webmail 164 ...
Exploit DB: V-Webmail 1.6.4 - '/includes/pear/System.php?CONFIG[pear_dir]' Remote File Inclusion
source: wwwsecurityfocuscom/bid/30162/info V-webmail is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data Exploiting these issues can allow an attacker to compromise the application and the underlying system; other attacks are also possible V-webmail 1 ...
Exploit DB: V-Webmail 1.6.4 - '/includes/pear/File.php?CONFIG[pear_dir]' Remote File Inclusion
source: wwwsecurityfocuscom/bid/30162/info V-webmail is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data Exploiting these issues can allow an attacker to compromise the application and the underlying system; other attacks are also possible V-webm ...
Exploit DB: V-Webmail 1.6.4 - '/includes/pear/XML/parser.php?CONFIG[pear_dir]' Remote File Inclusion
source: wwwsecurityfocuscom/bid/30162/info V-webmail is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data Exploiting these issues can allow an attacker to compromise the application and the underlying system; other attacks are also possible V-webmail 164 is vulne ...
Exploit DB: V-Webmail 1.6.4 - '/includes/email.list.search.php?CONFIG[includes]' Remote File Inclusion
source: wwwsecurityfocuscom/bid/30162/info V-webmail is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data Exploiting these issues can allow an attacker to compromise the application and the underlying system; other attacks are also possible ...
Exploit DB: V-Webmail 1.6.4 - '/includes/pear/Mail/mimeDecode.php?CONFIG[pear_dir]' Remote File Inclusion
source: wwwsecurityfocuscom/bid/30162/info V-webmail is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data Exploiting these issues can allow an attacker to compromise the application and the underlying system; other attacks are also possible V-webmail 164 is ...
Exploit DB: V-Webmail 1.6.4 - '/includes/pear/XML/Tree.php?CONFIG[pear_dir]' Remote File Inclusion
source: wwwsecurityfocuscom/bid/30162/info V-webmail is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data Exploiting these issues can allow an attacker to compromise the application and the underlying system; other attacks are also possible V-webmail 164 is vu ...
Exploit DB: V-Webmail 1.6.4 - '/includes/pear/Net/Socket.php?CONFIG[pear_dir]' Remote File Inclusion
source: wwwsecurityfocuscom/bid/30162/info V-webmail is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data Exploiting these issues can allow an attacker to compromise the application and the underlying system; other attacks are also possible V-webmail 164 is vulnerab ...
Exploit DB: V-Webmail 1.6.4 - '/includes/prepend.php?CONFIG[pear_dir]' Remote File Inclusion
source: wwwsecurityfocuscom/bid/30162/info V-webmail is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data Exploiting these issues can allow an attacker to compromise the application and the underlying system; other attacks are also possible V-w ...

References

CWE-94http://www.securityfocus.com/bid/30162http://packetstormsecurity.org/0807-exploits/vwebmail-rfi.txthttps://exchange.xforce.ibmcloud.com/vulnerabilities/46680https://nvd.nist.govhttps://www.exploit-db.com/exploits/32024/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
deserializationCVE-2024-4040cross-site scriptingCVE-2023-25790CVE-2024-2961XML external entityCVE-2024-26926CVE-2024-32806CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook