PT-2008-4584 · Boonex · Boonex Ray

Romancyxhacker

Published

2008-07-14

Updated

2017-09-29

CVE-2008-3166

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: BoonEx Ray version 3.5

Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the sIncPath parameter in the modules/global/inc/content.inc.php file when register globals is enabled.

Recommendations: For BoonEx Ray version 3.5, consider disabling the register globals setting to prevent exploitation until a patch is available. Restrict access to the modules/global/inc/content.inc.php file to minimize the risk of exploitation. Avoid using the sIncPath parameter in affected API endpoints until the issue is resolved.

Exploit

Fix

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

CVE-2008-3166

Affected Products

Boonex Ray

PT-2008-4584 · Boonex · Boonex Ray

CVE-2008-3166

Weakness Enumeration

Related Identifiers

Affected Products

References · 7