CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2008-2686

webinc/bxe/scripts/loadsave.php in Flux CMS 1.5.0 and earlier allows remote attackers to execute arbitrary code by overwriting a PHP file in webinc/bxe/scripts/ via a filename in the XML parameter and PHP sequences in the request body, then making a direct request for this filename.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.048

EPSS Ranking 89.1%

CVSS Severity

CVSS v2 Score 7.5

References

http://www.securityfocus.com/bid/29618
https://exchange.xforce.ibmcloud.com/vulnerabilities/42961
https://www.exploit-db.com/exploits/5767
http://www.securityfocus.com/bid/29618
https://exchange.xforce.ibmcloud.com/vulnerabilities/42961
https://www.exploit-db.com/exploits/5767

Products affected by CVE-2008-2686

Flux Cms » Flux Cms » Version: Any

cpe:2.3:a:flux_cms:flux_cms:*
Flux Cms » Flux Cms » Version: 1.2

cpe:2.3:a:flux_cms:flux_cms:1.2
Flux Cms » Flux Cms » Version: 1.3

cpe:2.3:a:flux_cms:flux_cms:1.3
Flux Cms » Flux Cms » Version: 1.31

cpe:2.3:a:flux_cms:flux_cms:1.31
Flux Cms » Flux Cms » Version: 1.4

cpe:2.3:a:flux_cms:flux_cms:1.4

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2008-2686

Products

Pricing

Contact Us