CyberSec.Space Logo
Back to CVE Browser

CVE-2008-6761

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0650%
EPSS Percentile28.82th
PublishedApr 28, 2009
Last ModifiedApr 23, 2026

Vulnerability Description

Static code injection vulnerability in admin/install.php in Flexcustomer 0.0.6 might allow remote attackers to inject arbitrary PHP code into const.inc.php via the installdbname parameter (aka the Database Name field). NOTE: the installation instructions specify deleting admin/install.php.

Affected Platforms (CPE)

πŸ“¦
China On Site

Flexcustomer0.0.6

All versions

References & Advisories

πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/47652
πŸ”— https://www.exploit-db.com/exploits/7622
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/47652
πŸ”— https://www.exploit-db.com/exploits/7622

Related Vulnerabilities

CVE-2008-116710.0

Stack-based buffer overflow in the useragent function in useragent.c in Squid Analysis Report Generator (Sarg) 2.2.3.1 allows remo...

CVE-2008-086010.0

Unspecified vulnerability in the AVG plugin in Kerio MailServer before 6.5.0 has unspecified impact via unknown remote attack vect...

CVE-2008-082410.0

Unspecified vulnerability in the php2phps function in Claroline before 1.8.9 has unknown impact and attack vectors.

CVE-2008-136910.0

A certain incorrect Sun Solaris 10 image on SPARC Enterprise T5120 and T5220 servers has /etc/default/login and /etc/ssh/sshd_conf...