Vulnerability Description
Multiple PHP remote file inclusion vulnerabilities in the Recly!Competitions (com_competitions) component 1.0 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[mosConfig_absolute_path] parameter to (a) add.php and (b) competitions.php in includes/competitions/, and the (2) mosConfig_absolute_path parameter to (c) includes/settings/settings.php.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Recly | Competitions | 1.0 |
| Joomla | Joomla | All versions |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/32192Exploit
- https://www.exploit-db.com/exploits/7039
- http://www.securityfocus.com/bid/32192Exploit
- https://www.exploit-db.com/exploits/7039
FAQ
What is CVE-2008-5790?
CVE-2008-5790 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple PHP remote file inclusion vulnerabilities in the Recly!Competitions (com_competitions) component 1.0 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOB...
How severe is CVE-2008-5790?
CVE-2008-5790 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-5790?
Check the references section above for vendor advisories and patch information. Affected products include: Recly Competitions, Joomla Joomla.