CVE-2008-5173

Unspecified vulnerability in testMaker before 3.0p16 allows remote authenticated users to execute arbitrary PHP code via unspecified attack vectors.

CVSS v2.0 9.0 HIGH

9.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:S/C:C/I:C/A:C

Exploitability : 8.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://secunia.com/advisories/30870	Vendor Advisory
http://sourceforge.net/project/shownotes.php?release_id=609679	Patch
http://www.securityfocus.com/bid/29978
https://exchange.xforce.ibmcloud.com/vulnerabilities/43403

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:testmaker:testmaker::::::::
	cpe:2.3:a:testmaker:testmaker:3.0p3:::::::*
	cpe:2.3:a:testmaker:testmaker:3.0p4:::::::*
	cpe:2.3:a:testmaker:testmaker:3.0p5:::::::*
	cpe:2.3:a:testmaker:testmaker:3.0p6:::::::*
	cpe:2.3:a:testmaker:testmaker:3.0p7:::::::*
	cpe:2.3:a:testmaker:testmaker:3.0p8:::::::*
	cpe:2.3:a:testmaker:testmaker:3.0p9:::::::*
	cpe:2.3:a:testmaker:testmaker:3.0p10:::::::*
	cpe:2.3:a:testmaker:testmaker:3.0p11:::::::*
	cpe:2.3:a:testmaker:testmaker:3.0p12:::::::*
	cpe:2.3:a:testmaker:testmaker:3.0p13:::::::*
	cpe:2.3:a:testmaker:testmaker:3.0p14:::::::*

History

No history.

Information

Published : 2008-11-19 18:11

Updated : 2024-02-04 17:33

NVD link : CVE-2008-5173

Mitre link : CVE-2008-5173

CVE.ORG link : CVE-2008-5173

JSON object : View

Products Affected

testmaker

testmaker

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

NVD-CWE-noinfo

{"id": "CVE-2008-5173", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2008-11-19T18:11:49.983", "references": [{"url": "http://secunia.com/advisories/30870", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://sourceforge.net/project/shownotes.php?release_id=609679", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/29978", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43403", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-94"}, {"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in testMaker before 3.0p16 allows remote authenticated users to execute arbitrary PHP code via unspecified attack vectors."}, {"lang": "es", "value": "Vulnerabilidad sin especificar en testMAker anterior a v3.0p16, permite a usuarios autenticados remotamente ejecutar c\u00f3digo PHP de su elecci\u00f3n a trav\u00e9s de vectores no especificados."}], "lastModified": "2017-08-08T01:33:09.170", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:testmaker:testmaker:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D499FAE2-0940-4C49-831B-426E4B520E8B", "versionEndIncluding": "3.0p15"}, {"criteria": "cpe:2.3:a:testmaker:testmaker:3.0p3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9A48ABB1-7B11-4670-958D-F3C4B7CCF407"}, {"criteria": "cpe:2.3:a:testmaker:testmaker:3.0p4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F756722F-C4F2-4F12-886B-4749894C9C5C"}, {"criteria": "cpe:2.3:a:testmaker:testmaker:3.0p5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3B7FFA50-6F5D-4A52-A7AD-162FCA8A2535"}, {"criteria": "cpe:2.3:a:testmaker:testmaker:3.0p6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9F242AFA-9F68-4DAD-BAE1-6EBBB2589163"}, {"criteria": "cpe:2.3:a:testmaker:testmaker:3.0p7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5CAEDFCE-DBA9-4A09-9C49-A8E7A6A9060D"}, {"criteria": "cpe:2.3:a:testmaker:testmaker:3.0p8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ADF6486D-BAC5-45A8-8852-83460059B135"}, {"criteria": "cpe:2.3:a:testmaker:testmaker:3.0p9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "16A4365A-0AC2-46D9-B4E1-BFC98AC64582"}, {"criteria": "cpe:2.3:a:testmaker:testmaker:3.0p10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "39C20268-595C-477E-9FB8-6D6DC7305115"}, {"criteria": "cpe:2.3:a:testmaker:testmaker:3.0p11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "01A38FB4-49EE-4733-A108-3DB6B01522C9"}, {"criteria": "cpe:2.3:a:testmaker:testmaker:3.0p12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A3D61BB4-750D-4756-8482-336A03CFA329"}, {"criteria": "cpe:2.3:a:testmaker:testmaker:3.0p13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8414E648-DD1B-4397-8660-5D30705B02D1"}, {"criteria": "cpe:2.3:a:testmaker:testmaker:3.0p14:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9E015276-2BF2-46F3-8FB7-77B1CAADC583"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}