Vulnerability Details : CVE-2008-6132
Public exploit exists!
Eval injection vulnerability in reserve.php in phpScheduleIt 1.2.10 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via the start_date parameter.
Exploit prediction scoring system (EPSS) score for CVE-2008-6132
Probability of exploitation activity in the next 30 days: 78.88%
Percentile, the proportion of vulnerabilities that are scored at or less: ~98%
Metasploit modules for CVE-2008-6132
- phpScheduleIt PHP reserve.php start_date Parameter Arbitrary Code Injection
  Disclosure Date: 2008-10-01
  First seen: 2020-04-26
  exploit/multi/http/phpscheduleit_start_date
  This module exploits an arbitrary PHP code execution flaw in the phpScheduleIt software. This vulnerability is only exploitable when the magic_quotes_gpc PHP option is 'off'. Authentication is not required to exploit the bug. Version 1.2.10 and earlier of phpSched
CVSS scores for CVE-2008-6132
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.6 | 6.4 | NIST |
CWE ids for CVE-2008-6132
- The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-6132
- http://www.securityfocus.com/bid/31520
  phpScheduleIt 'reserve.php' Remote Code Execution Vulnerability (Exploit)
- http://www.exploit-db.com/exploits/6646
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45617
- http://www.exploit-db.com/exploits/18037
- http://sourceforge.net/project/shownotes.php?release_id=662749
- http://phpscheduleit.svn.sourceforge.net/viewvc/phpscheduleit/1.2.11/reserve.php?r1=318&r2=328
Products affected by CVE-2008-6132
- cpe:2.3:a:brickhost:phpscheduleit:*:*:*:*:*:*:*:*
- cpe:2.3:a:brickhost:phpscheduleit:1.0_rc1:*:*:*:*:*:*:*
- cpe:2.3:a:brickhost:phpscheduleit:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:brickhost:phpscheduleit:1.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:brickhost:phpscheduleit:1.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:brickhost:phpscheduleit:1.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:brickhost:phpscheduleit:1.2.0:beta:*:*:*:*:*:*
- cpe:2.3:a:brickhost:phpscheduleit:1.2.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:brickhost:phpscheduleit:1.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:brickhost:phpscheduleit:1.2.9:*:*:*:*:*:*:*
- cpe:2.3:a:brickhost:phpscheduleit:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:brickhost:phpscheduleit:1.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:brickhost:phpscheduleit:1.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:brickhost:phpscheduleit:1.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:brickhost:phpscheduleit:1.0.0rc1:*:*:*:*:*:*:*
- cpe:2.3:a:brickhost:phpscheduleit:1.2.8:*:*:*:*:*:*:*