ByteOS Network

NVD Vulnerability Details :

CVE-2008-3763

Modified

Source-cve@mitre.org

Published At-21 Aug, 2008 | 17:41

Updated At-11 Oct, 2018 | 20:49

Variable overwrite vulnerability in libsecure.php in Turnkey PHP Live Helper 2.0.1 and earlier, when register_globals is enabled, allows remote attackers to overwrite arbitrary variables related to the db config file. NOTE: this can be leveraged for code injection by overwriting the language file.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	6.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P

CPE Matches

Weaknesses

CWE ID	Type	Source
CWE-20	Primary	nvd@nist.gov

Evaluator Solution

Upgrade to Version 2.1.0 - http://www.turnkeywebtools.com/esupport/index.php?_m=news&_a=viewnews&newsid=62

References

Hyperlink	Source	Resource
http://demos.turnkeywebtools.com/phplivehelper/docs/change_log.txt	cve@mitre.org	N/A
http://secunia.com/advisories/31521	cve@mitre.org	Vendor Advisory
http://securityreason.com/securityalert/4178	cve@mitre.org	N/A
http://www.gulftech.org/?node=research&article_id=00124-08162008	cve@mitre.org	Exploit
http://www.securityfocus.com/archive/1/495542/100/0/threaded	cve@mitre.org	N/A
http://www.securityfocus.com/bid/30729	cve@mitre.org	N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/44570	cve@mitre.org	N/A
https://www.exploit-db.com/exploits/6261	cve@mitre.org	N/A

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History