CVE-2008-2769

Properties

Published:
17.06.2008
Updated:
29.01.2009
Patch available:
Severity:
High
CVSS vector:
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Product:
phpraider: phpraider
phpraider: phpraider

Vulnerability description

PHP remote file inclusion vulnerability in authentication/smf/smf.functions.php in Simple Machines phpRaider 1.0.6 and 1.0.7 allows remote attackers to execute arbitrary PHP code via a URL in the pConfig_auth[smf_path] parameter.

References:

XF: http://xforce.iss.net/xforce/xfdb/42996
BUGTRAQ: http://www.securityfocus.com/archive/1/archive/1/493275/100/0/threaded
SREASON: http://securityreason.com/securityalert/3947
CONFIRM: http://forums.phpraider.com/showthread.php?t=1087#v1_0_7b_-_May_29__2008