Back to CVE Browser

CVE-2008-4439

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.0140%

EPSS Percentile25.11th

PublishedOct 3, 2008

Last ModifiedApr 23, 2026

Vulnerability Description

PHP remote file inclusion vulnerability in admin/bin/patch.php in MartinWood Datafeed Studio before 1.6.3 allows remote attackers to execute arbitrary PHP code via a URL in the INSTALL_FOLDER parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Affected Platforms (CPE)

📦

Martinwood

Datafeed Studio

<= 1.6.2

References & Advisories

🔗 http://blog.datafeedstudio.com/datafeed-studio-v163-released

🔗 http://www.securityfocus.com/bid/30659

🔗 http://www.securityfocus.com/bid/30659/exploit

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/44420

🔗 http://blog.datafeedstudio.com/datafeed-studio-v163-released

🔗 http://www.securityfocus.com/bid/30659

🔗 http://www.securityfocus.com/bid/30659/exploit

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/44420

Related Vulnerabilities

CVE-2008-44384.3

Cross-site scripting (XSS) vulnerability in search.php in Datafeed Studio 1.6.2 allows remote attackers to inject arbitrary web sc...

CVE-2008-535310.0

The Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and...

CVE-2008-535510.0

The "Java Update" feature for Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 1...

CVE-2008-467310.0

PHP remote file inclusion vulnerability in panel/common/theme/default/header_setup.php in WebBiscuits Software Events Calendar 1.1...