fkie_nvd - fkie_cve-2008-3368

fkie_cve-2008-3368

Vulnerability from fkie_nvd

Published

2008-07-30 17:41

Modified

2024-11-21 00:49

Severity ?

Summary

PHP remote file inclusion vulnerability in tools/packages/import.php in ATutor 1.6.1 pl1 and earlier allows remote authenticated administrators to execute arbitrary PHP code via a URL in the type parameter.

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/31274	Vendor Advisory
cve@mitre.org	http://securityreason.com/securityalert/4064
cve@mitre.org	http://www.securityfocus.com/bid/30412
cve@mitre.org	http://www.vupen.com/english/advisories/2008/2206/references
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/44051
cve@mitre.org	https://www.exploit-db.com/exploits/6153
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/31274	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/4064
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/30412
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/2206/references
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/44051
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/6153

Impacted products

Vendor	Product	Version
atutor	atutor	*
atutor	atutor	0.9.6
atutor	atutor	0.9.7
atutor	atutor	1.0
atutor	atutor	1.2.1
atutor	atutor	1.2.2
atutor	atutor	1.3
atutor	atutor	1.3.1
atutor	atutor	1.3.2
atutor	atutor	1.3.3
atutor	atutor	1.4
atutor	atutor	1.4.1
atutor	atutor	1.4.2
atutor	atutor	1.4.3
atutor	atutor	1.5.1
atutor	atutor	1.5.2
atutor	atutor	1.5.3
atutor	atutor	1.5.3.1
atutor	atutor	1.5.3.2
atutor	atutor	1.5.4
atutor	atutor	1.5.5
atutor	atutor	1.6

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:atutor:atutor:*:pl1:*:*:*:*:*:*",
              "matchCriteriaId": "5646E7ED-B82B-4D6E-B9B9-E75299A35B39",
              "versionEndIncluding": "1.6.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atutor:atutor:0.9.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "29578CEF-9EC3-4A3D-ADB0-528B7AFA592F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atutor:atutor:0.9.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F2D8D00-F509-49BB-8594-D0FD2C8A5011",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atutor:atutor:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D4F1FB2-F35E-444F-8A7F-77C6FDCE9CC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atutor:atutor:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FED293AE-94FD-444B-85A6-3ABCC7C97654",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atutor:atutor:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECE4E6E1-0B9B-4EBE-8727-AD04E1BB5C02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atutor:atutor:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "827CD64E-2E84-422A-A405-16FCB4E80863",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atutor:atutor:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE05B757-B3B2-47DE-AFB6-073D5C639D07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atutor:atutor:1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D97A1FF-B3B4-406C-814A-F7504B9EE290",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atutor:atutor:1.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A3D3293-3761-46BE-B581-8B8447FB5059",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atutor:atutor:1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "31C48DDB-B334-499A-9C1B-122D6942BD57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atutor:atutor:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E682277-2B37-4C0B-98F5-52A4427B8853",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atutor:atutor:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "341B04AA-926D-400E-9A47-D2F183E26AC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atutor:atutor:1.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "05E50596-38A3-4C7A-9561-99950DA33A4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atutor:atutor:1.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BA98319-09F3-4AE9-AF14-B1BE424AB7DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atutor:atutor:1.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C60745C-ECC2-41AD-8795-6D274F269F85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atutor:atutor:1.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2765EAFB-6663-4F16-B285-6DA8D26E6CD0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atutor:atutor:1.5.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5B36A11-B728-468A-802E-A7C8362D154A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atutor:atutor:1.5.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "189D9776-C554-4084-8C31-21935F83A416",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atutor:atutor:1.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "54D08E87-E4BC-449F-93B6-D567926BCE84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atutor:atutor:1.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADC1FDA3-8B9A-4293-974F-F07517F3581C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atutor:atutor:1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E84A54D-D3E2-4B7C-809D-7719FD92ECD0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "PHP remote file inclusion vulnerability in tools/packages/import.php in ATutor 1.6.1 pl1 and earlier allows remote authenticated administrators to execute arbitrary PHP code via a URL in the type parameter."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de inclusi\u00f3n remota de archivo PHP en tools/packages/import.php en ATutor 1.6.1 pl1 y anteriores, permite a administradores autenticados remotamente ejecutar c\u00f3digo PHP a trav\u00e9s de una URL en el par\u00e1metro \"type\"."
    }
  ],
  "id": "CVE-2008-3368",
  "lastModified": "2024-11-21T00:49:05.013",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-07-30T17:41:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/31274"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/4064"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/30412"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/2206/references"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44051"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.exploit-db.com/exploits/6153"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/31274"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/4064"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/30412"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/2206/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44051"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/6153"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2008-3368

Vulnerability from cvelistv5

Published

2008-07-30 17:00

Modified

2024-08-07 09:37