CyberSec.Space Logo
返回 CVE 浏览器

CVE-2008-4439

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0140%
EPSS Percentile25.11th
Published2008年10月3日
Last Modified2026年4月23日

Vulnerability Description

PHP remote file inclusion vulnerability in admin/bin/patch.php in MartinWood Datafeed Studio before 1.6.3 allows remote attackers to execute arbitrary PHP code via a URL in the INSTALL_FOLDER parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Affected Platforms (CPE)

📦
Martinwood

Datafeed Studio

<= 1.6.2

References & Advisories

🔗 http://blog.datafeedstudio.com/datafeed-studio-v163-released
🔗 http://www.securityfocus.com/bid/30659
🔗 http://www.securityfocus.com/bid/30659/exploit
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/44420
🔗 http://blog.datafeedstudio.com/datafeed-studio-v163-released
🔗 http://www.securityfocus.com/bid/30659
🔗 http://www.securityfocus.com/bid/30659/exploit
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/44420

相关漏洞威胁

CVE-2008-44384.3

Cross-site scripting (XSS) vulnerability in search.php in Datafeed Studio 1.6.2 allows remote attackers to inject arbitrary web sc...

CVE-2008-034310.0

Unspecified vulnerability in the Oracle Spatial component in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, and 10.1.0.5 has u...

CVE-2008-665110.0

Static code injection vulnerability in edithistory.php in OxYProject OxYBox 0.85 allows remote attackers to inject arbitrary PHP c...

CVE-2008-073510.0

SQL injection vulnerability in mod/gallery/ajax/gallery_data.php in AuraCMS 2.2 allows remote attackers to execute arbitrary SQL c...