CVE-2008-5090

Electron Inc. Advanced Electron Forum before 1.0.7 allows remote attackers to execute arbitrary PHP code via PHP code embedded in bbcode in the email parameter, which is processed by the preg_replace function with the eval switch.

Published: Nov 14, 2008
Updated: Apr 13, 2023
CVE: CVE-2008-5090
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 10
AV:N/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-94

Affected Software
References

Software	From	Fixed in
anelectron / advanced_electron_forum	-	1.0.6.x
anelectron / advanced_electron_forum	1.0.2	1.0.2.x
anelectron / advanced_electron_forum	1.0.5	1.0.5.x
anelectron / advanced_electron_forum	1.0.3	1.0.3.x
anelectron / advanced_electron_forum	1.0.1	1.0.1.x
anelectron / advanced_electron_forum	1.0.4	1.0.4.x

http://secunia.com/advisories/31978
http://securityreason.com/securityalert/4598
http://www.anelectron.com/board/index.php?tid=3282
http://www.gulftech.org/?node=research&article_id=00131-09202008
http://www.securityfocus.com/archive/1/496552/100/0/threaded
http://www.securityfocus.com/bid/31268
https://exchange.xforce.ibmcloud.com/vulnerabilities/45270
https://www.exploit-db.com/exploits/6499

Vulnerability Database

CVE-2008-5090