CVE-2008-3707 Information

Description

Multiple PHP remote file inclusion vulnerabilities in CyBoards PHP Lite 1.21 allow remote attackers to execute arbitrary PHP code via a URL in the script_path parameter to (1) flat_read.php, (2) post.php, (3) process_post.php, (4) process_search.php, (5) forum.php, (6) process_subscribe.php, (7) read.php, (8) search.php, and (9) subscribe.php in path/; and (10) add_ban.php, (11) add_ban_form.php, (12) add_board.php, (13) add_vip.php, (14) add_vip_form.php, (15) copy_ban.php, (16) copy_vip.php, (17) delete_ban.php, (18) delete_board.php, (19) delete_messages.php, (20) delete_vip.php, (21) edit_ban.php, (22) edit_board.php, (23) edit_vip.php, (24) index.php, (25) lock_messages.php, (26) login.php, (27) modify_ban_list.php, (28) modify_vip_list.php, (29) move_messages.php, (30) process_add_board.php, (31) process_ban.php, (32) process_delete_ban.php, (33) process_delete_board.php, (34) process_delete_messages.php, (35) process_delete_vip.php, (36) process_edit_board.php, (37) process_lock_messages.php, (38) process_login.php, (39) process_move_messages.php, (40) process_sticky_messages.php, (41) process_vip.php, and (42) sticky_messages.php in path/adminopts. NOTE: the include/common.php vector is covered by CVE-2006-2871. NOTE: some of these vectors might not be vulnerabilities under proper installation.
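The description above is the classic remote file inclusion (RFI) pattern: a request parameter that names an include path ends up inside include()/require(), so with allow_url_include enabled the interpreter fetches and executes whatever URL the parameter points at. The following is an added illustration of that class and of the usual fix; it is not CyBoards code, and every name in it (script_path handling aside, which comes from the CVE text) is a hypothetical stand-in.

```php
<?php
// Added example, not the vulnerable product's code. Shows the general shape of
// a PHP RFI bug (user-controlled include path) next to a hardened replacement.

// VULNERABLE pattern (hypothetical): the include base comes straight from the
// request. With allow_url_include=On, a script_path that is a URL makes
// include() fetch and run remote code. Kept only to contrast with the fix.
function vulnerable_include(array $request): void
{
    $script_path = $request['script_path'] ?? '.';
    include $script_path . '/include/common.php';
}

// HARDENED pattern: the base directory is a server-side constant and the only
// request-controlled value is a page name checked against an allowlist.
const APP_ROOT = __DIR__;
const ALLOWED_PAGES = ['read', 'post', 'search', 'subscribe'];

function resolve_page(?string $page): string
{
    $page = $page ?? 'read';
    if (!in_array($page, ALLOWED_PAGES, true)) {
        throw new InvalidArgumentException('unknown page');
    }
    $file = APP_ROOT . '/pages/' . $page . '.php';

    // Defence in depth: the resolved path must still sit inside APP_ROOT,
    // so neither a URL nor a traversal sequence can reach include().
    $real = realpath($file);
    if ($real === false || strpos($real, APP_ROOT . DIRECTORY_SEPARATOR) !== 0) {
        throw new RuntimeException('page outside application root');
    }
    return $real;
}

function safe_include(array $request): void
{
    require resolve_page($request['page'] ?? null);
}
```

Two notes on the design. The allowlist is what actually closes the hole: once the include target can only be one of a fixed set of local files, no request value reaches include() as a path. The realpath() containment check is a second layer for installations that later loosen the allowlist. Independently of the code, the php.ini directives allow_url_include (Off by default since PHP 5.2) and allow_url_fopen should be disabled wherever they are not needed, which is the "proper installation" the CVE note alludes to; the same bug in a file-inclusion sink with a local path still allows local file inclusion, so the code-level fix is needed regardless of the ini setting.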

Reference

http://packetstormsecurity.org/0808-exploits/cyboards-rfilfixss.txt
http://www.attrition.org/pipermail/vim/2008-August/002052.html
http://www.securityfocus.com/bid/30688
https://exchange.xforce.ibmcloud.com/vulnerabilities/44474