CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2008-3922

awstatstotals.php in AWStats Totals 1.0 through 1.14 allows remote attackers to execute arbitrary code via PHP sequences in the sort parameter, which is used by the multisort function when dynamically creating an anonymous PHP function.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.914

EPSS Ranking 99.6%

CVSS Severity

CVSS v2 Score 9.3

References

http://secunia.com/advisories/31630
http://securityreason.com/securityalert/4218
http://securityreason.com/securityalert/8259
http://userwww.service.emory.edu/~ekenda2/EMORY-2008-01.txt
http://www.exploit-db.com/exploits/17324
http://www.securityfocus.com/archive/1/495770/100/0/threaded
http://www.securityfocus.com/bid/30856
http://www.telartis.nl/xcms/awstats/
http://www.vupen.com/english/advisories/2008/2442
https://exchange.xforce.ibmcloud.com/vulnerabilities/44712
https://www.exploit-db.com/exploits/6368
http://secunia.com/advisories/31630
http://securityreason.com/securityalert/4218
http://securityreason.com/securityalert/8259
http://userwww.service.emory.edu/~ekenda2/EMORY-2008-01.txt
http://www.exploit-db.com/exploits/17324
http://www.securityfocus.com/archive/1/495770/100/0/threaded
http://www.securityfocus.com/bid/30856
http://www.telartis.nl/xcms/awstats/
http://www.vupen.com/english/advisories/2008/2442
https://exchange.xforce.ibmcloud.com/vulnerabilities/44712
https://www.exploit-db.com/exploits/6368

Products affected by CVE-2008-3922

Telartis Bv » Awstats Totals » Version: 1.0

cpe:2.3:a:telartis_bv:awstats_totals:1.0
Telartis Bv » Awstats Totals » Version: 1.1

cpe:2.3:a:telartis_bv:awstats_totals:1.1
Telartis Bv » Awstats Totals » Version: 1.11

cpe:2.3:a:telartis_bv:awstats_totals:1.11
Telartis Bv » Awstats Totals » Version: 1.13

cpe:2.3:a:telartis_bv:awstats_totals:1.13
Telartis Bv » Awstats Totals » Version: 1.14

cpe:2.3:a:telartis_bv:awstats_totals:1.14

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2008-3922

Products

Pricing

Contact Us