FKIE_CVE-2008-4645

Vulnerability from fkie_nvd - Published: 2008-10-22 00:11 - Updated: 2025-04-09 00:30
Severity ?
Summary
plugins/event_tracer/event_list.php in PhpWebGallery 1.7.2 and earlier allows remote authenticated administrators to execute arbitrary PHP code via PHP sequences in the sort parameter, which is processed by create_function.
References
cve@mitre.orghttp://securityreason.com/securityalert/4456
cve@mitre.orghttp://www.securityfocus.com/bid/31762Patch
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/45875
cve@mitre.orghttps://www.exploit-db.com/exploits/6755
af854a3a-2127-422b-91ae-364da2661108http://securityreason.com/securityalert/4456
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/31762Patch
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/45875
af854a3a-2127-422b-91ae-364da2661108https://www.exploit-db.com/exploits/6755
Impacted products
Vendor Product Version
phpwebgallery phpwebgallery *
phpwebgallery phpwebgallery 1.0
phpwebgallery phpwebgallery 1.1
phpwebgallery phpwebgallery 1.2.1
phpwebgallery phpwebgallery 1.3.0
phpwebgallery phpwebgallery 1.3.1
phpwebgallery phpwebgallery 1.3.2
phpwebgallery phpwebgallery 1.3.3
phpwebgallery phpwebgallery 1.3.4
phpwebgallery phpwebgallery 1.4.0
phpwebgallery phpwebgallery 1.4.1
phpwebgallery phpwebgallery 1.5.0
phpwebgallery phpwebgallery 1.5.1
phpwebgallery phpwebgallery 1.5.2
phpwebgallery phpwebgallery 1.6.0
phpwebgallery phpwebgallery 1.6.1
phpwebgallery phpwebgallery 1.6.2
phpwebgallery phpwebgallery 1.7.0
phpwebgallery phpwebgallery 1.7.1
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:phpwebgallery:phpwebgallery:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B662306-A004-463F-BDA9-D52F5E47F380",
              "versionEndIncluding": "1.7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpwebgallery:phpwebgallery:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F0EE492-82CC-4B8D-A4C2-C03D90E3512C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpwebgallery:phpwebgallery:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "12A62835-F153-476A-8F73-D190E249C60F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpwebgallery:phpwebgallery:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "18716F33-C917-477A-8B02-8F3E03BADD21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpwebgallery:phpwebgallery:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "11243C68-0FEC-4C4B-B33A-CA393F6DCBA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpwebgallery:phpwebgallery:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCF0BF8D-0EBE-47E8-BF92-249308692253",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpwebgallery:phpwebgallery:1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9DC36B6-9AFA-4A90-ACBB-7BB25C27CBE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpwebgallery:phpwebgallery:1.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C904823-1291-4883-950E-089443E1306F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpwebgallery:phpwebgallery:1.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2847007A-5F0B-457E-9D56-1570B59B1589",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpwebgallery:phpwebgallery:1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "340CE351-800F-4670-A4FF-2B56644B6DC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpwebgallery:phpwebgallery:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B0A25DD-835C-43FF-A040-90B59B5C8D97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpwebgallery:phpwebgallery:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E410A77F-8520-4011-A1CA-03B0A466CF11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpwebgallery:phpwebgallery:1.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "029740C0-CC4B-412A-AD11-8B1D7ED66996",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpwebgallery:phpwebgallery:1.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B249FD5-B164-41F3-970E-8701C8C469CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpwebgallery:phpwebgallery:1.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "261EA07E-62B1-45DF-A21B-3F63B0E528FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpwebgallery:phpwebgallery:1.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B90E5405-7F62-4696-BC32-E0133A3E9652",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpwebgallery:phpwebgallery:1.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "645D12DC-EBCE-4CAE-8B62-143B66AD1815",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpwebgallery:phpwebgallery:1.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC5256C5-8612-4961-B813-D560D59E59EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpwebgallery:phpwebgallery:1.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "874E8A29-1530-4744-A466-05AC7E543EC5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "plugins/event_tracer/event_list.php in PhpWebGallery 1.7.2 and earlier allows remote authenticated administrators to execute arbitrary PHP code via PHP sequences in the sort parameter, which is processed by create_function."
    },
    {
      "lang": "es",
      "value": "plugins/event_tracer/event_list.php en PhpWebGallery v1.7.2 y anteriores; permite a administradores autenticados en remoto ejecutar c\u00f3digo PHP de su elecci\u00f3n a trav\u00e9s de secuencias PHP en el par\u00e1metro \"sort\" (ordenar), que es procesado como por create_function."
    }
  ],
  "id": "CVE-2008-4645",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-10-22T00:11:50.883",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/4456"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/31762"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45875"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.exploit-db.com/exploits/6755"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/4456"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/31762"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45875"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/6755"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.