QwikSec

Security Database

CVE

CWE

Training

CVE-2008-3763

Published: Aug 21, 2008

Modified: Aug 7, 2024

PUBLISHED

Description

Variable overwrite vulnerability in libsecure.php in Turnkey PHP Live Helper 2.0.1 and earlier, when register_globals is enabled, allows remote attackers to overwrite arbitrary variables related to the db config file. NOTE: this can be leveraged for code injection by overwriting the language file.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

exploit

x_refsource_EXPLOIT-DB

third-party-advisory

x_refsource_SREASON

20080816 PHP Live Helper <= 2.0.1 Multiple Vulnerabilities

mailing-list

x_refsource_BUGTRAQ

vdb-entry

x_refsource_BID

http://demos.turnkeywebtools.com/phplivehelper/docs/change_log.txt

x_refsource_MISC

third-party-advisory

x_refsource_SECUNIA

phplivehelper-libsecure-code-execution(44570)

vdb-entry

x_refsource_XF

http://www.gulftech.org/?node=research&article_id=00124-08162008

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.