CyberSec.Space Logo
CVEブラウザに戻る

CVE-2008-5090

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0230%
EPSS Percentile15.58th
Published2008年11月14日
Last Modified2026年4月23日

Vulnerability Description

Electron Inc. Advanced Electron Forum before 1.0.7 allows remote attackers to execute arbitrary PHP code via PHP code embedded in bbcode in the email parameter, which is processed by the preg_replace function with the eval switch.

Affected Platforms (CPE)

📦
Anelectron

Advanced Electron Forum

<= 1.0.6
📦
Anelectron

Advanced Electron Forum

= 1.0.1
📦
Anelectron

Advanced Electron Forum

= 1.0.2
📦
Anelectron

Advanced Electron Forum

= 1.0.3
📦
Anelectron

Advanced Electron Forum

= 1.0.4
📦
Anelectron

Advanced Electron Forum

= 1.0.5

References & Advisories

🔗 http://secunia.com/advisories/31978
🔗 http://securityreason.com/securityalert/4598
🔗 http://www.anelectron.com/board/index.php?tid=3282
🔗 http://www.gulftech.org/?node=research&article_id=00131-09202008
🔗 http://www.securityfocus.com/archive/1/496552/100/0/threaded
🔗 http://www.securityfocus.com/bid/31268
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/45270
🔗 https://www.exploit-db.com/exploits/6499

関連する脆弱性情報

CVE-2011-35828.8

A Cross-site Request Forgery (CSRF) vulnerability exists in Advanced Electron Forums (AEF) through 1.0.9 due to inadequate confirm...

CVE-2009-25456.8

SQL injection vulnerability in Advanced Electron Forum (AEF) 1.x, when magic_quotes_gpc is disabled, allows remote attackers to ex...

CVE-2011-37005.0

Advanced Electron Forum (AEF) 1.0.8 allows remote attackers to obtain sensitive information via a direct request to a .php file, w...

CVE-2018-130004.8

An XSS issue was discovered in Advanced Electron Forum (AEF) v1.0.9. A persistent XSS vulnerability is located in the `FTP Link` e...