CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2008-0289

PHP remote file inclusion vulnerability in view_func.php in Member Area System (MAS) 1.7 and possibly others allows remote attackers to execute arbitrary PHP code via a URL in the i parameter. NOTE: a second vector might exist via the l parameter. NOTE: as of 20080118, the vendor has disputed the set of affected versions, stating that the issue "is already fixed, for almost a year."

Exploit prediction scoring system (EPSS) score

EPSS Score 0.021

EPSS Ranking 83.2%

CVSS Severity

CVSS v2 Score 6.8

References

http://securityreason.com/securityalert/3547
http://www.securityfocus.com/archive/1/486172/100/0/threaded
http://www.securityfocus.com/archive/1/486618/100/0/threaded
http://www.securityfocus.com/bid/27244
https://exchange.xforce.ibmcloud.com/vulnerabilities/39611
http://securityreason.com/securityalert/3547
http://www.securityfocus.com/archive/1/486172/100/0/threaded
http://www.securityfocus.com/archive/1/486618/100/0/threaded
http://www.securityfocus.com/bid/27244
https://exchange.xforce.ibmcloud.com/vulnerabilities/39611

Products affected by CVE-2008-0289

Mansion Productions » Member Area System » Version: Any

cpe:2.3:a:mansion_productions:member_area_system:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2008-0289

Products

Pricing

Contact Us