CyberSec.Space Logo
CVEブラウザに戻る

CVE-2008-5167

CRITICAL
9.3
CVSS Severity Score
EPSS Score0.0700%
EPSS Percentile41.63th
Published2008年11月19日
Last Modified2026年4月23日

Vulnerability Description

PHP remote file inclusion vulnerability in layout/default/params.php in Boonex Orca 2.0 and 2.0.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the gConf[dir][layouts] parameter.

Affected Platforms (CPE)

📦
Boonex

Orca

= 2.0
📦
Boonex

Orca

= 2.0.2

References & Advisories

🔗 http://secunia.com/advisories/30855
🔗 http://securityreason.com/securityalert/4616
🔗 http://www.securityfocus.com/bid/29974
🔗 https://www.exploit-db.com/exploits/5955
🔗 https://www.exploit-db.com/exploits/6282
🔗 http://secunia.com/advisories/30855
🔗 http://securityreason.com/securityalert/4616
🔗 http://www.securityfocus.com/bid/29974

関連する脆弱性情報

CVE-2021-359639.8

The specific parameter of upload function of the Orca HCM digital learning platform does not filter file format, which allows remo...

CVE-2021-359659.8

The Orca HCM digital learning platform uses a weak factory default administrator password, which is hard-coded in the source code ...

CVE-2020-93018.8

Nolan Ray from Apple Information Security identified a security vulnerability in Spinnaker, all versions prior to version 1.23.4, ...

CVE-2014-81847.8

A vulnerability was found in liblouis, versions 2.5.x before 2.5.4. A stack-based buffer overflow was found in findTable() in libl...