CyberSec.Space Logo
Back to CVE Browser

CVE-2008-5090

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0230%
EPSS Percentile15.58th
PublishedNov 14, 2008
Last ModifiedApr 23, 2026

Vulnerability Description

Electron Inc. Advanced Electron Forum before 1.0.7 allows remote attackers to execute arbitrary PHP code via PHP code embedded in bbcode in the email parameter, which is processed by the preg_replace function with the eval switch.

Affected Platforms (CPE)

πŸ“¦
Anelectron

Advanced Electron Forum

<= 1.0.6
πŸ“¦
Anelectron

Advanced Electron Forum

= 1.0.1
πŸ“¦
Anelectron

Advanced Electron Forum

= 1.0.2
πŸ“¦
Anelectron

Advanced Electron Forum

= 1.0.3
πŸ“¦
Anelectron

Advanced Electron Forum

= 1.0.4
πŸ“¦
Anelectron

Advanced Electron Forum

= 1.0.5

References & Advisories

πŸ”— http://secunia.com/advisories/31978
πŸ”— http://securityreason.com/securityalert/4598
πŸ”— http://www.anelectron.com/board/index.php?tid=3282
πŸ”— http://www.gulftech.org/?node=research&article_id=00131-09202008
πŸ”— http://www.securityfocus.com/archive/1/496552/100/0/threaded
πŸ”— http://www.securityfocus.com/bid/31268
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/45270
πŸ”— https://www.exploit-db.com/exploits/6499

Related Vulnerabilities

CVE-2011-35828.8

A Cross-site Request Forgery (CSRF) vulnerability exists in Advanced Electron Forums (AEF) through 1.0.9 due to inadequate confirm...

CVE-2009-25456.8

SQL injection vulnerability in Advanced Electron Forum (AEF) 1.x, when magic_quotes_gpc is disabled, allows remote attackers to ex...

CVE-2011-37005.0

Advanced Electron Forum (AEF) 1.0.8 allows remote attackers to obtain sensitive information via a direct request to a .php file, w...

CVE-2018-130004.8

An XSS issue was discovered in Advanced Electron Forum (AEF) v1.0.9. A persistent XSS vulnerability is located in the `FTP Link` e...