PT-2008-6746 · Php · Php
Published
2008-12-19
·
Updated
2024-02-14
·
CVE-2008-5694
CVSS v2.0
10
High
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Sandbox version 1.4.1
Description
A remote file inclusion issue in lib/jpgraph/jpgraph errhandler.inc.php might allow remote attackers to execute arbitrary PHP code. The issue may be located in Aditus JpGraph rather than Sandbox.
Recommendations
For version 1.4.1, consider restricting access to the lib/jpgraph/jpgraph errhandler.inc.php file until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.
Fix
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Php