CyberSec.Space Logo
Back to CVE Browser

CVE-2008-4502

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0490%
EPSS Percentile10.26th
PublishedOct 9, 2008
Last ModifiedApr 23, 2026

Vulnerability Description

Multiple PHP remote file inclusion vulnerabilities in DataFeedFile (DFF) PHP Framework API allow remote attackers to execute arbitrary PHP code via a URL in the DFF_config[dir_include] parameter to (1) DFF_affiliate_client_API.php, (2) DFF_featured_prdt.func.php, (3) DFF_mer.func.php, (4) DFF_mer_prdt.func.php, (5) DFF_paging.func.php, (6) DFF_rss.func.php, and (7) DFF_sku.func.php in include/.

Affected Platforms (CPE)

πŸ“¦
Datafeedfile

Dff Framework Api

All versions

References & Advisories

πŸ”— http://secunia.com/advisories/32166
πŸ”— http://securityreason.com/securityalert/4370
πŸ”— http://www.securityfocus.com/bid/31644
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/45764
πŸ”— https://www.exploit-db.com/exploits/6700
πŸ”— http://secunia.com/advisories/32166
πŸ”— http://securityreason.com/securityalert/4370
πŸ”— http://www.securityfocus.com/bid/31644

Related Vulnerabilities

CVE-2008-535510.0

The "Java Update" feature for Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 1...

CVE-2008-665110.0

Static code injection vulnerability in edithistory.php in OxYProject OxYBox 0.85 allows remote attackers to inject arbitrary PHP c...

CVE-2008-535310.0

The Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and...

CVE-2008-461510.0

Unspecified vulnerability in i_utils.asp in PortalApp before 4.01a has unknown impact and attack vectors.