Back to search
CVE-2008-5619
Published: Dec 17, 2008
Modified: Aug 7, 2024
PUBLISHED
Description
html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMailer before 5.2.10, RoundCube Webmail (roundcubemail) 0.2-1.alpha and 0.2-3.beta, Mahara, and AtMail Open 1.03, allows remote attackers to execute arbitrary code via crafted input that is processed by the preg_replace function with the eval switch.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://mahara.org/interaction/forum/topic.php?id=533
x_refsource_CONFIRM
7549
exploit
x_refsource_EXPLOIT-DB
7553
exploit
x_refsource_EXPLOIT-DB
FEDORA-2008-11234
vendor-advisory
x_refsource_FEDORA
ADV-2008-3418
vdb-entry
x_refsource_VUPEN
http://trac.roundcube.net/changeset/2148
x_refsource_CONFIRM
53893
vdb-entry
x_refsource_OSVDB
http://sourceforge.net/forum/forum.php?forum_id=898542
x_refsource_CONFIRM
34789
third-party-advisory
x_refsource_SECUNIA
ADV-2008-3419
vdb-entry
x_refsource_VUPEN
http://trac.roundcube.net/ticket/1485618
x_refsource_MISC
FEDORA-2008-11220
vendor-advisory
x_refsource_FEDORA
[oss-security] 20081212 CVE Request - roundcubemail
mailing-list
x_refsource_MLIST
33170
third-party-advisory
x_refsource_SECUNIA
33145
third-party-advisory
x_refsource_SECUNIA
20081222 POC for CVE-2008-5619 (roundcubemail PHP arbitrary code injection)
mailing-list
x_refsource_BUGTRAQ
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now