Vulnerability Description
Multiple PHP remote file inclusion vulnerabilities in ModernBill 4.4 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the DIR parameter to (1) export_batch.inc.php, (2) run_auto_suspend.cron.php, and (3) send_email_cache.php in include/scripts/; (4) include/misc/mod_2checkout/2checkout_return.inc.php; and (5) include/html/nettools.popup.php, different vectors than CVE-2006-4034 and CVE-2005-1054.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Modernbill | Modernbill | <= 4.4 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/32529Vendor Advisory
- http://securityreason.com/securityalert/4587
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46513
- https://www.exploit-db.com/exploits/6916
- http://secunia.com/advisories/32529Vendor Advisory
- http://securityreason.com/securityalert/4587
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46513
- https://www.exploit-db.com/exploits/6916
FAQ
What is CVE-2008-5060?
CVE-2008-5060 is a vulnerability with a CVSS score of 10.0 (HIGH). Multiple PHP remote file inclusion vulnerabilities in ModernBill 4.4 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the DIR parameter to (1) export_batch.inc.php, (2) ru...
How severe is CVE-2008-5060?
CVE-2008-5060 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-5060?
Check the references section above for vendor advisories and patch information. Affected products include: Modernbill Modernbill.