Vulnerability Description
PHP remote file inclusion vulnerability in cms/modules/form.lib.php in Pragyan CMS 2.6.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the (1) sourceFolder or (2) moduleFolder parameter.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Pragyan | Praygan Cms | 2.6.2 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/31101Vendor Advisory
- http://securityreason.com/securityalert/4010
- http://www.securityfocus.com/bid/30235Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43777
- https://www.exploit-db.com/exploits/6078
- http://secunia.com/advisories/31101Vendor Advisory
- http://securityreason.com/securityalert/4010
- http://www.securityfocus.com/bid/30235Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43777
- https://www.exploit-db.com/exploits/6078
FAQ
What is CVE-2008-3207?
CVE-2008-3207 is a vulnerability with a CVSS score of 9.3 (HIGH). PHP remote file inclusion vulnerability in cms/modules/form.lib.php in Pragyan CMS 2.6.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the (1) s...
How severe is CVE-2008-3207?
CVE-2008-3207 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-3207?
Check the references section above for vendor advisories and patch information. Affected products include: Pragyan Praygan Cms.