CVE-2008-6132 - Vulnerability Details - OpenCVE

Eval injection vulnerability in reserve.php in phpScheduleIt 1.2.10 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via the start_date parameter.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Brickhost	Phpscheduleit

Configuration 1 [-]

OR	cpe:2.3:a:brickhost:phpscheduleit::::::::
	cpe:2.3:a:brickhost:phpscheduleit:1.0:::::::*
	cpe:2.3:a:brickhost:phpscheduleit:1.0.0rc1:::::::*
	cpe:2.3:a:brickhost:phpscheduleit:1.0_rc1:::::::*
	cpe:2.3:a:brickhost:phpscheduleit:1.2.0:::::::*
	cpe:2.3:a:brickhost:phpscheduleit:1.2.0:beta::::::
	cpe:2.3:a:brickhost:phpscheduleit:1.2.0:rc1::::::
	cpe:2.3:a:brickhost:phpscheduleit:1.2.1:::::::*
	cpe:2.3:a:brickhost:phpscheduleit:1.2.2:::::::*
	cpe:2.3:a:brickhost:phpscheduleit:1.2.3:::::::*
	cpe:2.3:a:brickhost:phpscheduleit:1.2.4:::::::*
	cpe:2.3:a:brickhost:phpscheduleit:1.2.5:::::::*
	cpe:2.3:a:brickhost:phpscheduleit:1.2.6:::::::*
	cpe:2.3:a:brickhost:phpscheduleit:1.2.7:::::::*
	cpe:2.3:a:brickhost:phpscheduleit:1.2.8:::::::*
	cpe:2.3:a:brickhost:phpscheduleit:1.2.9:::::::*

No data.

References

Link	Providers
http://phpscheduleit.svn.sourceforge.net/viewvc/phpscheduleit/1.2.11/reserve.php?r1=318&r2=328
http://secunia.com/advisories/32073
http://sourceforge.net/project/shownotes.php?release_id=662749
http://www.exploit-db.com/exploits/18037
http://www.exploit-db.com/exploits/6646
http://www.osvdb.org/48797
http://www.securityfocus.com/bid/31520
https://exchange.xforce.ibmcloud.com/vulnerabilities/45617

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2009-02-13T18:00:00

Updated: 2024-08-07T11:20:25.598Z

Reserved: 2009-02-13T00:00:00

Link: CVE-2008-6132

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2009-02-13T18:30:04.670

Modified: 2025-04-09T00:30:58.490

Link: CVE-2008-6132

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-10-01T00:00:00", "descriptions": [{"lang": "en", "value": "Eval injection vulnerability in reserve.php in phpScheduleIt 1.2.10 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via the start_date parameter."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://phpscheduleit.svn.sourceforge.net/viewvc/phpscheduleit/1.2.11/reserve.php?r1=318&r2=328"}, {"name": "18037", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "http://www.exploit-db.com/exploits/18037"}, {"name": "48797", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/48797"}, {"name": "phpscheduleit-reserve-code-execution(45617)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45617"}, {"name": "6646", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "http://www.exploit-db.com/exploits/6646"}, {"name": "32073", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/32073"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://sourceforge.net/project/shownotes.php?release_id=662749"}, {"name": "31520", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/31520"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-6132", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Eval injection vulnerability in reserve.php in phpScheduleIt 1.2.10 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via the start_date parameter."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://phpscheduleit.svn.sourceforge.net/viewvc/phpscheduleit/1.2.11/reserve.php?r1=318&r2=328", "refsource": "CONFIRM", "url": "http://phpscheduleit.svn.sourceforge.net/viewvc/phpscheduleit/1.2.11/reserve.php?r1=318&r2=328"}, {"name": "18037", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/18037"}, {"name": "48797", "refsource": "OSVDB", "url": "http://www.osvdb.org/48797"}, {"name": "phpscheduleit-reserve-code-execution(45617)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45617"}, {"name": "6646", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/6646"}, {"name": "32073", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32073"}, {"name": "http://sourceforge.net/project/shownotes.php?release_id=662749", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?release_id=662749"}, {"name": "31520", "refsource": "BID", "url": "http://www.securityfocus.com/bid/31520"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T11:20:25.598Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://phpscheduleit.svn.sourceforge.net/viewvc/phpscheduleit/1.2.11/reserve.php?r1=318&r2=328"}, {"name": "18037", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "http://www.exploit-db.com/exploits/18037"}, {"name": "48797", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/48797"}, {"name": "phpscheduleit-reserve-code-execution(45617)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45617"}, {"name": "6646", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "http://www.exploit-db.com/exploits/6646"}, {"name": "32073", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/32073"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://sourceforge.net/project/shownotes.php?release_id=662749"}, {"name": "31520", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/31520"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-6132", "datePublished": "2009-02-13T18:00:00", "dateReserved": "2009-02-13T00:00:00", "dateUpdated": "2024-08-07T11:20:25.598Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:brickhost:phpscheduleit:*:*:*:*:*:*:*:*", "matchCriteriaId": "3B75C18C-AE27-4EA1-8D67-999C1647DBF8", "versionEndIncluding": "1.2.10", "vulnerable": true}, {"criteria": "cpe:2.3:a:brickhost:phpscheduleit:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "0D449C2F-B0DC-4356-99D2-AC3F1D69B98E", "vulnerable": true}, {"criteria": "cpe:2.3:a:brickhost:phpscheduleit:1.0.0rc1:*:*:*:*:*:*:*", "matchCriteriaId": "340B6312-4AB4-41AA-BA62-2BFD69B767C6", "vulnerable": true}, {"criteria": "cpe:2.3:a:brickhost:phpscheduleit:1.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "72A3FEB2-6FF3-43E7-8C80-44F3E366DF7A", "vulnerable": true}, {"criteria": "cpe:2.3:a:brickhost:phpscheduleit:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "7663D802-7547-4FE0-B5A3-D20B18ADB6E9", "vulnerable": true}, {"criteria": "cpe:2.3:a:brickhost:phpscheduleit:1.2.0:beta:*:*:*:*:*:*", "matchCriteriaId": "D69ADD45-37E8-480F-8C06-3295A9BB5B78", "vulnerable": true}, {"criteria": "cpe:2.3:a:brickhost:phpscheduleit:1.2.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "FC0D9466-E7BD-4D1C-9AFA-596198A5B65E", "vulnerable": true}, {"criteria": "cpe:2.3:a:brickhost:phpscheduleit:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "CFB149A8-0B97-438B-8351-91446232D500", "vulnerable": true}, {"criteria": "cpe:2.3:a:brickhost:phpscheduleit:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "1FCC62CE-E455-449C-A03E-23C97D834143", "vulnerable": true}, {"criteria": "cpe:2.3:a:brickhost:phpscheduleit:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "3019FB4F-E2E1-4E4B-B537-F6E12262950B", "vulnerable": true}, {"criteria": "cpe:2.3:a:brickhost:phpscheduleit:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "5D209B2F-11D9-4C66-AA9D-ABF706B436A6", "vulnerable": true}, {"criteria": "cpe:2.3:a:brickhost:phpscheduleit:1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "82A187A7-6985-464C-B9E5-81FFB815261D", "vulnerable": true}, {"criteria": "cpe:2.3:a:brickhost:phpscheduleit:1.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "F79B653B-9D13-4B72-83EB-E3DB806B815B", "vulnerable": true}, {"criteria": "cpe:2.3:a:brickhost:phpscheduleit:1.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "8B218350-9512-4C0A-9BDD-3DF7CE26921E", "vulnerable": true}, {"criteria": "cpe:2.3:a:brickhost:phpscheduleit:1.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "3961BA66-151D-44CA-9E6F-7AABF3EA15CE", "vulnerable": true}, {"criteria": "cpe:2.3:a:brickhost:phpscheduleit:1.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "0CDB5CB2-19E6-4CF9-90A5-44FC4E1CC683", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Eval injection vulnerability in reserve.php in phpScheduleIt 1.2.10 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via the start_date parameter."}, {"lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n en la evaluaci\u00f3n de par\u00e1metros en reserve.php en phpScheduleIt v1.2.10 y versiones anteriores, cuando magic_quotes_gpc est\u00e1 deshabilitado, permite a atacantes remotos ejecutar c\u00f3digo PHP de su elecci\u00f3n mediante el par\u00e1metro \"start_date\"."}], "id": "CVE-2008-6132", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-02-13T18:30:04.670", "references": [{"source": "cve@mitre.org", "url": "http://phpscheduleit.svn.sourceforge.net/viewvc/phpscheduleit/1.2.11/reserve.php?r1=318&r2=328"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/32073"}, {"source": "cve@mitre.org", "url": "http://sourceforge.net/project/shownotes.php?release_id=662749"}, {"source": "cve@mitre.org", "url": "http://www.exploit-db.com/exploits/18037"}, {"source": "cve@mitre.org", "url": "http://www.exploit-db.com/exploits/6646"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/48797"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/31520"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45617"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://phpscheduleit.svn.sourceforge.net/viewvc/phpscheduleit/1.2.11/reserve.php?r1=318&r2=328"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/32073"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/project/shownotes.php?release_id=662749"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.exploit-db.com/exploits/18037"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.exploit-db.com/exploits/6646"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/48797"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/31520"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45617"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}]}