{ "id": "CVE-2008-6543", "sourceIdentifier": "cve@mitre.org", "published": "2009-03-30T01:30:00.407", "lastModified": "2017-08-17T01:29:22.897", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", "value": "Multiple PHP remote file inclusion vulnerabilities in ComScripts TEAM Quick Classifieds 1.0 via the DOCUMENT_ROOT parameter to (1) index.php3, (2) locate.php3, (3) search_results.php3, (4) classifieds/index.php3, and (5) classifieds/view.php3; (6) index.php3, (7) manager.php3, (8) pass.php3, (9) remember.php3 (10) sign-up.php3, (11) update.php3, (12) userSet.php3, and (13) verify.php3 in controlcenter/; (14) alterCats.php3, (15) alterFeatured.php3, (16) alterHomepage.php3, (17) alterNews.php3, (18) alterTheme.php3, (19) color_help.php3, (20) createdb.php3, (21) createFeatured.php3, (22) createHomepage.php3, (23) createL.php3, (24) createM.php3, (25) createNews.php3, (26) createP.php3, (27) createS.php3, (28) createT.php3, (29) index.php3, (30) mailadmin.php3, and (31) setUp.php3 in controlpannel/; (32) include/sendit.php3 and (33) include/sendit2.php3; and possibly (34) include/adminHead.inc, (35) include/usersHead.inc, and (36) style/default.scheme.inc." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de inclusi\u00f3n remota de fichero en ComScripts TEAM Quick Classifieds v1.0 a trav\u00e9s del par\u00e1metro DOCUMENT_ROOT a (1) index.php3, (2) locate.php3, (3) search_results.php3, (4) classifieds/index.php3, y(5) classifieds/view.php3; (6) index.php3, (7) manager.php3, (8) pass.php3, (9) remember.php3 (10) sign-up.php3, (11) update.php3, (12) userSet.php3, y (13) verify.php3 en controlcenter/; (14) alterCats.php3, (15) alterFeatured.php3, (16) alterHomepage.php3, (17) alterNews.php3, (18) alterTheme.php3, (19) color_help.php3, (20) createdb.php3, (21) createFeatured.php3, (22) createHomepage.php3, (23) createL.php3, (24) createM.php3, (25) createNews.php3, (26) createP.php3, (27) createS.php3, (28) createT.php3, (29) index.php3, (30) mailadmin.php3, y (31) setUp.php3 en controlpannel/; (32) include/sendit.php3 y (33) include/sendit2.php3; y probablemente (34) include/adminHead.inc, (35) include/usersHead.inc, y (36) style/default.scheme.inc." } ], "metrics": { "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "baseScore": 7.5 }, "baseSeverity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-94" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:comscripts:quick_classifieds:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "5A4EB848-60E9-4F8D-A861-D1E38D2C0FB9" } ] } ] } ], "references": [ { "url": "http://www.securityfocus.com/bid/28417", "source": "cve@mitre.org", "tags": [ "Exploit" ] }, { "url": "http://www.securityfocus.com/bid/28417/exploit", "source": "cve@mitre.org", "tags": [ "Exploit" ] }, { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42469", "source": "cve@mitre.org" } ] }