CyberSec.Space Logo
CVEブラウザに戻る

CVE-2008-6761

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0650%
EPSS Percentile28.82th
Published2009年4月28日
Last Modified2026年4月23日

Vulnerability Description

Static code injection vulnerability in admin/install.php in Flexcustomer 0.0.6 might allow remote attackers to inject arbitrary PHP code into const.inc.php via the installdbname parameter (aka the Database Name field). NOTE: the installation instructions specify deleting admin/install.php.

Affected Platforms (CPE)

📦
China On Site

Flexcustomer0.0.6

All versions

References & Advisories

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/47652
🔗 https://www.exploit-db.com/exploits/7622
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/47652
🔗 https://www.exploit-db.com/exploits/7622

関連する脆弱性情報

CVE-2008-034310.0

Unspecified vulnerability in the Oracle Spatial component in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, and 10.1.0.5 has u...

CVE-2008-073510.0

SQL injection vulnerability in mod/gallery/ajax/gallery_data.php in AuraCMS 2.2 allows remote attackers to execute arbitrary SQL c...

CVE-2008-461510.0

Unspecified vulnerability in i_utils.asp in PortalApp before 4.01a has unknown impact and attack vectors.

CVE-2008-034410.0

Unspecified vulnerability in the Oracle Spatial component in Oracle Database 10.1.0.5 and 10.2.0.3 has unknown impact and remote a...