CVE-2008-5060

Multiple PHP remote file inclusion vulnerabilities in ModernBill 4.4 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the DIR parameter to (1) export_batch.inc.php, (2) run_auto_suspend.cron.php, and (3) send_email_cache.php in include/scripts/; (4) include/misc/mod_2checkout/2checkout_return.inc.php; and (5) include/html/nettools.popup.php, different vectors than CVE-2006-4034 and CVE-2005-1054.
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
10 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:C/I:C/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 77%
VendorProductVersion
modernbillmodernbill
𝑥
≤ 4.4
modernbillmodernbill
𝑥
≤ 4.4.0
modernbillmodernbill
2.01
modernbillmodernbill
2.02s:s
modernbillmodernbill
3.0:beta
modernbillmodernbill
3.1.0
modernbillmodernbill
3.1.3
modernbillmodernbill
4.0.1:rc7
modernbillmodernbill
4.0.1:rc8
modernbillmodernbill
4.0.2
modernbillmodernbill
4.1.1
modernbillmodernbill
4.1.2
modernbillmodernbill
4.1.3
modernbillmodernbill
4.2.1
modernbillmodernbill
4.3.0
modernbillmodernbill
4.3.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/32529
http://securityreason.com/securityalert/4587
https://exchange.xforce.ibmcloud.com/vulnerabilities/46513
https://www.exploit-db.com/exploits/6916
http://secunia.com/advisories/32529
http://securityreason.com/securityalert/4587
https://exchange.xforce.ibmcloud.com/vulnerabilities/46513
https://www.exploit-db.com/exploits/6916