CyberSec.Space Logo
Back to CVE Browser

CVE-2008-5167

CRITICAL
9.3
CVSS Severity Score
EPSS Score0.0700%
EPSS Percentile41.63th
PublishedNov 19, 2008
Last ModifiedApr 23, 2026

Vulnerability Description

PHP remote file inclusion vulnerability in layout/default/params.php in Boonex Orca 2.0 and 2.0.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the gConf[dir][layouts] parameter.

Affected Platforms (CPE)

πŸ“¦
Boonex

Orca

= 2.0
πŸ“¦
Boonex

Orca

= 2.0.2

References & Advisories

πŸ”— http://secunia.com/advisories/30855
πŸ”— http://securityreason.com/securityalert/4616
πŸ”— http://www.securityfocus.com/bid/29974
πŸ”— https://www.exploit-db.com/exploits/5955
πŸ”— https://www.exploit-db.com/exploits/6282
πŸ”— http://secunia.com/advisories/30855
πŸ”— http://securityreason.com/securityalert/4616
πŸ”— http://www.securityfocus.com/bid/29974

Related Vulnerabilities

CVE-2021-359639.8

The specific parameter of upload function of the Orca HCM digital learning platform does not filter file format, which allows remo...

CVE-2021-359659.8

The Orca HCM digital learning platform uses a weak factory default administrator password, which is hard-coded in the source code ...

CVE-2020-93018.8

Nolan Ray from Apple Information Security identified a security vulnerability in Spinnaker, all versions prior to version 1.23.4, ...

CVE-2014-81847.8

A vulnerability was found in liblouis, versions 2.5.x before 2.5.4. A stack-based buffer overflow was found in findTable() in libl...