Vulnerability Description
Multiple PHP remote file inclusion vulnerabilities in Blogator-script before 1.01 allow remote attackers to execute arbitrary PHP code via a URL in the incl_page parameter in (1) struct_admin.php, (2) struct_admin_blog.php, and (3) struct_main.php in _blogadata/include.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Blogator-Script | Blogator-Script | <= 1.00 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/29684Vendor Advisory
- http://www.blogator-script.com/changelog.phpURL Repurposed
- http://www.securityfocus.com/bid/28627Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41660
- https://www.exploit-db.com/exploits/5365
- http://secunia.com/advisories/29684Vendor Advisory
- http://www.blogator-script.com/changelog.phpURL Repurposed
- http://www.securityfocus.com/bid/28627Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41660
- https://www.exploit-db.com/exploits/5365
FAQ
What is CVE-2008-1760?
CVE-2008-1760 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Multiple PHP remote file inclusion vulnerabilities in Blogator-script before 1.01 allow remote attackers to execute arbitrary PHP code via a URL in the incl_page parameter in (1) struct_admin.php, (2)...
How severe is CVE-2008-1760?
CVE-2008-1760 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-1760?
Check the references section above for vendor advisories and patch information. Affected products include: Blogator-Script Blogator-Script.