CVE-2008-4138
Published 2008-09-24
Priority P3 · 55 · critical · 10 (CVSS 2.0)
AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 10.30% (95.1th percentile)
PHP remote file inclusion vulnerability in skin_shop/standard/3_plugin_twindow/twindow_notice.php in TECHNOTE 7 allows remote attackers to execute arbitrary PHP code via a URL in the shop_this_skin_path parameter.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| technote | technote | — | — |
| technote | technote | — | — |
GHSA
GHSA-fp9h-gwxm-cg3p: PHP remote file inclusion vulnerability in skin_shop/standard/2_view_body/body_default
ghsa_unreviewed·2022-05-02·CVSS 10.0
CVE-2009-0441 [CRITICAL] CWE-94 GHSA-fp9h-gwxm-cg3p: PHP remote file inclusion vulnerability in skin_shop/standard/2_view_body/body_default
PHP remote file inclusion vulnerability in skin_shop/standard/2_view_body/body_default.php in TECHNOTE 7.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the shop_this_skin_path parameter, a different vector than CVE-2008-4138.
GHSA
GHSA-279p-29gw-62v2: PHP remote file inclusion vulnerability in skin_shop/standard/3_plugin_twindow/twindow_notice
ghsa_unreviewed·2022-05-02
CVE-2008-4138 [HIGH] CWE-94 GHSA-279p-29gw-62v2: PHP remote file inclusion vulnerability in skin_shop/standard/3_plugin_twindow/twindow_notice
PHP remote file inclusion vulnerability in skin_shop/standard/3_plugin_twindow/twindow_notice.php in TECHNOTE 7 allows remote attackers to execute arbitrary PHP code via a URL in the shop_this_skin_path parameter.
No detection rules found.
No writeups or analysis indexed.
http://osvdb.org/48166
http://secunia.com/advisories/31916
http://www.securityfocus.com/bid/31222
http://www.vupen.com/english/advisories/2008/2609
https://exchange.xforce.ibmcloud.com/vulnerabilities/45215
https://www.exploit-db.com/exploits/6478