CVE-2008-4529 Information
Description
Multiple PHP remote file inclusion vulnerabilities in asiCMS alpha 0.208 allow remote attackers to execute arbitrary PHP code via a URL in the _ENV[asicms][path] parameter to (1) Association.php (2) BigMath.php (3) DiffieHellman.php (4) DumbStore.php (5) Extension.php (6) FileStore.php (7) HMAC.php (8) MemcachedStore.php (9) Message.php (10) Nonce.php (11) SQLStore.php (12) SReg.php (13) TrustRoot.php and (14) URINorm.php in classes/Auth/OpenID/; and (15) XRDS.php (16) XRI.php and (17) XRIRes.php in classes/Auth/Yadis/.
Reference
http://securityreason.com/securityalert/4391 http://www.securityfocus.com/bid/31601 http://www.vupen.com/english/advisories/2008/2755 https://exchange.xforce.ibmcloud.com/vulnerabilities/45684 https://www.exploit-db.com/exploits/6685
Share on: