CyberSec.Space Logo
CVEブラウザに戻る

CVE-2008-4502

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0490%
EPSS Percentile10.26th
Published2008年10月9日
Last Modified2026年4月23日

Vulnerability Description

Multiple PHP remote file inclusion vulnerabilities in DataFeedFile (DFF) PHP Framework API allow remote attackers to execute arbitrary PHP code via a URL in the DFF_config[dir_include] parameter to (1) DFF_affiliate_client_API.php, (2) DFF_featured_prdt.func.php, (3) DFF_mer.func.php, (4) DFF_mer_prdt.func.php, (5) DFF_paging.func.php, (6) DFF_rss.func.php, and (7) DFF_sku.func.php in include/.

Affected Platforms (CPE)

📦
Datafeedfile

Dff Framework Api

All versions

References & Advisories

🔗 http://secunia.com/advisories/32166
🔗 http://securityreason.com/securityalert/4370
🔗 http://www.securityfocus.com/bid/31644
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/45764
🔗 https://www.exploit-db.com/exploits/6700
🔗 http://secunia.com/advisories/32166
🔗 http://securityreason.com/securityalert/4370
🔗 http://www.securityfocus.com/bid/31644

関連する脆弱性情報

CVE-2008-034410.0

Unspecified vulnerability in the Oracle Spatial component in Oracle Database 10.1.0.5 and 10.2.0.3 has unknown impact and remote a...

CVE-2008-034510.0

Unspecified vulnerability in the Core RDBMS component in Oracle Database 11.1.0.6 has unknown impact and remote attack vectors, ak...

CVE-2008-461510.0

Unspecified vulnerability in i_utils.asp in PortalApp before 4.01a has unknown impact and attack vectors.

CVE-2008-524410.0

Unspecified vulnerability in xine-lib before 1.1.15 has unknown impact and attack vectors related to libfaad. NOTE: due to the la...