PT-2008-4322 · Jamroom · Jamroom

Cyberlog

Published

2008-06-26

Updated

2017-09-29

CVE-2008-2883

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Jamroom versions 3.3.0 through 3.3.5

Description A remote file inclusion issue allows remote attackers to execute arbitrary PHP code via a URL in the jamroom[jm dir] parameter. This is related to the include/plugins/jrBrowser/payment.php file.

Recommendations For Jamroom versions 3.3.0 through 3.3.5, consider restricting access to the vulnerable payment.php file until a patch is available. Avoid using the jamroom[jm dir] parameter in the affected API endpoint until the issue is resolved.

Exploit

Fix

RCE

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

CVE-2008-2883

Affected Products

Jamroom

PT-2008-4322 · Jamroom · Jamroom

CVE-2008-2883

Weakness Enumeration

Related Identifiers

Affected Products

References · 6