CVE-2008-0144

Properties

Published:
07.01.2008
Updated:
15.09.2009
Patch available:
Severity:
High
CVSS vector:
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Product:
phprisk: netrisk

Vulnerability description

PHP remote file inclusion vulnerability in index.php in NetRisk 1.9.7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.  NOTE: this can also be leveraged for local file inclusion using directory traversal sequences.

References:

XF: http://xforce.iss.net/xforce/xfdb/39419
BID: http://www.securityfocus.com/bid/27136
MILW0RM: http://www.milw0rm.com/exploits/4833
SECUNIA: http://secunia.com/advisories/28328
BUGTRAQ: http://marc.info/?l=bugtraq&m=119955114428283&w=2