CVE-2008-0648
published 2008-02-07
CVE-2008-0648: Multiple PHP remote file inclusion vulnerabilities in OpenSiteAdmin 0.9.1.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the…
Priority P339 · medium · 6.8 CVSS 2.0
AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.86% (76.5th percentile)
Multiple PHP remote file inclusion vulnerabilities in OpenSiteAdmin 0.9.1.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) indexFooter.php; and (2) DatabaseManager.php, (3) FieldManager.php, (4) Filter.php, (5) Form.php, (6) FormManager.php, (7) LoginManager.php, and (8) Filters/SingleFilter.php in scripts/classes/.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| opensiteadmin | opensiteadmin | <= 0.9.1.1 | — |
| thecodeweasel | opensiteadmin | — | — |
GHSA
GHSA-r389-f2jh-h9wp: PHP remote file inclusion vulnerability in pages/pageHeader
ghsa_unreviewed·2022-05-02·CVSS 6.8
CVE-2009-3317 [MEDIUM] CWE-94 GHSA-r389-f2jh-h9wp: PHP remote file inclusion vulnerability in pages/pageHeader
PHP remote file inclusion vulnerability in pages/pageHeader.php in OpenSiteAdmin 0.9.7 BETA allows remote attackers to execute arbitrary PHP code via a URL in the path parameter, a different vector than CVE-2008-0648.
GHSA
GHSA-5fjc-m72h-6w3x: Multiple PHP remote file inclusion vulnerabilities in OpenSiteAdmin 0
ghsa_unreviewed·2022-05-01
CVE-2008-0648 [MEDIUM] CWE-94 GHSA-5fjc-m72h-6w3x: Multiple PHP remote file inclusion vulnerabilities in OpenSiteAdmin 0
Multiple PHP remote file inclusion vulnerabilities in OpenSiteAdmin 0.9.1.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) indexFooter.php; and (2) DatabaseManager.php, (3) FieldManager.php, (4) Filter.php, (5) Form.php, (6) FormManager.php, (7) LoginManager.php, and (8) Filters/SingleFilter.php in scripts/classes/.
No detection rules found.
No writeups or analysis indexed.
Published: 2008-02-07