Vulnerability Description
Static code injection vulnerability in edithistory.php in OxYProject OxYBox 0.85 allows remote attackers to inject arbitrary PHP code into oxyhistory.php via the oxymsg parameter.
CVSS Score
10.0
HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Oxyproject | Oxybox | 0.85 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/28992Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42110
- https://www.exploit-db.com/exploits/5524
- http://www.securityfocus.com/bid/28992Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42110
- https://www.exploit-db.com/exploits/5524
FAQ
What is CVE-2008-6651?
CVE-2008-6651 is a vulnerability with a CVSS score of 10.0 (HIGH). Static code injection vulnerability in edithistory.php in OxYProject OxYBox 0.85 allows remote attackers to inject arbitrary PHP code into oxyhistory.php via the oxymsg parameter.
How severe is CVE-2008-6651?
CVE-2008-6651 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-6651?
Check the references section above for vendor advisories and patch information. Affected products include: Oxyproject Oxybox.