CVE-2008-5694

PHP remote file inclusion vulnerability in lib/jpgraph/jpgraph_errhandler.inc.php in Sandbox 1.4.1 might allow remote attackers to execute arbitrary PHP code via unspecified vectors.  NOTE: the issue, if any, may be located in Aditus JpGraph rather than Sandbox. If so, then this should not be treated as an issue in Sandbox.
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
10 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:C/I:C/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 73%
VendorProductVersion
sandboxsandbox
1.4.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.by-f10.com/bug.txt
http://www.securityfocus.com/archive/1/487903/100/200/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/47688
http://www.by-f10.com/bug.txt
http://www.securityfocus.com/archive/1/487903/100/200/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/47688