CVE-2008-5793
Published 2008-12-31
CVE-2008-5793: Multiple PHP remote file inclusion vulnerabilities in the Clickheat - Heatmap stats (com_clickheat) component 1.0.1 for Joomla! allow remote attackers to…
Priority P3 · 49 · medium · 6.8 (CVSS 2.0)
AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 15.37% (96.4th percentile)
Multiple PHP remote file inclusion vulnerabilities in the Clickheat - Heatmap stats (com_clickheat) component 1.0.1 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[mosConfig_absolute_path] parameter to (a) install.clickheat.php, (b) Cache.php and (c) Clickheat_Heatmap.php in Recly/Clickheat/, and (d) Recly/common/GlobalVariables.php; and the (2) mosConfig_absolute_path parameter to (e) _main.php and (f) main.php in includes/heatmap, and (g) includes/overview/main.php.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| phpmyvisites | phpmyvisites | <= 2.3 | — |
| recly | clickheat-heatmap | — | — |
GHSA
ghsa_unreviewed·2022-05-17
CVE-2008-5793 [MEDIUM] CWE-94 GHSA-47gj-jq93-7cpf: Multiple PHP remote file inclusion vulnerabilities in the Clickheat - Heatmap stats (com_clickheat) component 1
GHSA
ghsa_unreviewed·2022-05-02·CVSS 6.8
CVE-2009-4763 [MEDIUM] GHSA-xmjp-4jm4-9f5j: Unspecified vulnerability in the ClickHeat plugin, as used in phpMyVisites before 2
Unspecified vulnerability in the ClickHeat plugin, as used in phpMyVisites before 2.4, has unknown impact and attack vectors. NOTE: due to lack of details from the vendor, it is not clear whether this is related to CVE-2008-5793.
http://securityreason.com/securityalert/4841
http://www.securityfocus.com/bid/32190
https://exchange.xforce.ibmcloud.com/vulnerabilities/46439
https://www.exploit-db.com/exploits/7038
Published: 2008-12-31