CyberSec.Space Logo
Back to CVE Browser

CVE-2008-6651

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1860%
EPSS Percentile21.45th
PublishedApr 7, 2009
Last ModifiedApr 23, 2026

Vulnerability Description

Static code injection vulnerability in edithistory.php in OxYProject OxYBox 0.85 allows remote attackers to inject arbitrary PHP code into oxyhistory.php via the oxymsg parameter.

Affected Platforms (CPE)

πŸ“¦
Oxyproject

Oxybox

= 0.85

References & Advisories

πŸ”— http://www.securityfocus.com/bid/28992
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/42110
πŸ”— https://www.exploit-db.com/exploits/5524
πŸ”— http://www.securityfocus.com/bid/28992
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/42110
πŸ”— https://www.exploit-db.com/exploits/5524

Related Vulnerabilities

CVE-2008-034910.0

Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.15 and 8....

CVE-2008-034710.0

Unspecified vulnerability in the Oracle Ultra Search component in Oracle Collaboration Suite 10.1.2; Database 9.2.0.8, 10.1.0.5, a...

CVE-2008-034810.0

Multiple unspecified vulnerabilities in the PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.2...

CVE-2008-540310.0

Heap-based buffer overflow in the XML parser in the AIM plugin in Trillian before 3.1.12.0 allows remote attackers to execute arbi...