Vulnerability Description
Electron Inc. Advanced Electron Forum before 1.0.7 allows remote attackers to execute arbitrary PHP code via PHP code embedded in bbcode in the email parameter, which is processed by the preg_replace function with the eval switch.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Anelectron | Advanced Electron Forum | <= 1.0.6 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/31978Vendor Advisory
- http://securityreason.com/securityalert/4598
- http://www.anelectron.com/board/index.php?tid=3282Vendor Advisory
- http://www.gulftech.org/?node=research&article_id=00131-09202008
- http://www.securityfocus.com/archive/1/496552/100/0/threaded
- http://www.securityfocus.com/bid/31268Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45270
- https://www.exploit-db.com/exploits/6499
- http://secunia.com/advisories/31978Vendor Advisory
- http://securityreason.com/securityalert/4598
- http://www.anelectron.com/board/index.php?tid=3282Vendor Advisory
- http://www.gulftech.org/?node=research&article_id=00131-09202008
- http://www.securityfocus.com/archive/1/496552/100/0/threaded
- http://www.securityfocus.com/bid/31268Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45270
FAQ
What is CVE-2008-5090?
CVE-2008-5090 is a vulnerability with a CVSS score of 10.0 (HIGH). Electron Inc. Advanced Electron Forum before 1.0.7 allows remote attackers to execute arbitrary PHP code via PHP code embedded in bbcode in the email parameter, which is processed by the preg_replace ...
How severe is CVE-2008-5090?
CVE-2008-5090 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-5090?
Check the references section above for vendor advisories and patch information. Affected products include: Anelectron Advanced Electron Forum.