CVE-2008-5090

Published: Nov 14, 2008

Modified: Aug 7, 2024

PUBLISHED

Description

Electron Inc. Advanced Electron Forum before 1.0.7 allows remote attackers to execute arbitrary PHP code via PHP code embedded in bbcode in the email parameter, which is processed by the preg_replace function with the eval switch.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://www.anelectron.com/board/index.php?tid=3282

x_refsource_CONFIRM

aef-pregreplace-code-execution(45270)

vdb-entry

x_refsource_XF

20080920 Advanced Electron Forum <= 1.0.6 Remote Code Execution

mailing-list

x_refsource_BUGTRAQ

http://www.gulftech.org/?node=research&article_id=00131-09202008

x_refsource_MISC

4598

third-party-advisory

x_refsource_SREASON

31978

third-party-advisory

x_refsource_SECUNIA

6499

exploit

x_refsource_EXPLOIT-DB

31268

vdb-entry

x_refsource_BID

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2008-5090

Description

Affected Products

References