CVE-2008-3764 - OpenCVE

Eval injection vulnerability in globalsoff.php in Turnkey PHP Live Helper 2.0.1 and earlier allows remote attackers to execute arbitrary PHP code via the test parameter, and probably arbitrary parameters, to chat.php.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Turnkeywebtools	Php Live Helper

Configuration 1 [-]

OR	cpe:2.3:a:turnkeywebtools:php_live_helper::::::::
	cpe:2.3:a:turnkeywebtools:php_live_helper:2.0:::::::*
	cpe:2.3:a:turnkeywebtools:php_live_helper:2.0:beta_1::::::
	cpe:2.3:a:turnkeywebtools:php_live_helper:2.0:beta_2::::::
	cpe:2.3:a:turnkeywebtools:php_live_helper:2.0:beta_3::::::
	cpe:2.3:a:turnkeywebtools:php_live_helper:2.0:beta_4::::::
	cpe:2.3:a:turnkeywebtools:php_live_helper:2.0:beta_5::::::
	cpe:2.3:a:turnkeywebtools:php_live_helper:2.0:beta_6::::::

No data.

References

Link	Providers
http://demos.turnkeywebtools.com/phplivehelper/docs/change_log.txt
http://secunia.com/advisories/31521
http://securityreason.com/securityalert/4178
http://www.gulftech.org/?node=research&article_id=00124-08162008
http://www.securityfocus.com/archive/1/495542/100/0/threaded
http://www.securityfocus.com/bid/30729
https://exchange.xforce.ibmcloud.com/vulnerabilities/44571
https://www.exploit-db.com/exploits/6261

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-08-21T17:00:00

Updated: 2024-08-07T09:52:59.926Z

Reserved: 2008-08-21T00:00:00

Link: CVE-2008-3764

Vulnrichment

No data.

NVD

Status : Modified

Published: 2008-08-21T17:41:00.000

Modified: 2018-10-11T20:49:42.857

Link: CVE-2008-3764

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-08-16T00:00:00", "descriptions": [{"lang": "en", "value": "Eval injection vulnerability in globalsoff.php in Turnkey PHP Live Helper 2.0.1 and earlier allows remote attackers to execute arbitrary PHP code via the test parameter, and probably arbitrary parameters, to chat.php."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "6261", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/6261"}, {"name": "4178", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/4178"}, {"name": "20080816 PHP Live Helper <= 2.0.1 Multiple Vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/495542/100/0/threaded"}, {"name": "30729", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/30729"}, {"tags": ["x_refsource_MISC"], "url": "http://demos.turnkeywebtools.com/phplivehelper/docs/change_log.txt"}, {"name": "31521", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/31521"}, {"name": "phplivehelper-chat-code-execution(44571)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44571"}, {"tags": ["x_refsource_MISC"], "url": "http://www.gulftech.org/?node=research&article_id=00124-08162008"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-3764", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Eval injection vulnerability in globalsoff.php in Turnkey PHP Live Helper 2.0.1 and earlier allows remote attackers to execute arbitrary PHP code via the test parameter, and probably arbitrary parameters, to chat.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "6261", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/6261"}, {"name": "4178", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/4178"}, {"name": "20080816 PHP Live Helper <= 2.0.1 Multiple Vulnerabilities", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/495542/100/0/threaded"}, {"name": "30729", "refsource": "BID", "url": "http://www.securityfocus.com/bid/30729"}, {"name": "http://demos.turnkeywebtools.com/phplivehelper/docs/change_log.txt", "refsource": "MISC", "url": "http://demos.turnkeywebtools.com/phplivehelper/docs/change_log.txt"}, {"name": "31521", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31521"}, {"name": "phplivehelper-chat-code-execution(44571)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44571"}, {"name": "http://www.gulftech.org/?node=research&article_id=00124-08162008", "refsource": "MISC", "url": "http://www.gulftech.org/?node=research&article_id=00124-08162008"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T09:52:59.926Z"}, "title": "CVE Program Container", "references": [{"name": "6261", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/6261"}, {"name": "4178", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/4178"}, {"name": "20080816 PHP Live Helper <= 2.0.1 Multiple Vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/495542/100/0/threaded"}, {"name": "30729", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/30729"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://demos.turnkeywebtools.com/phplivehelper/docs/change_log.txt"}, {"name": "31521", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/31521"}, {"name": "phplivehelper-chat-code-execution(44571)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44571"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.gulftech.org/?node=research&article_id=00124-08162008"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-3764", "datePublished": "2008-08-21T17:00:00", "dateReserved": "2008-08-21T00:00:00", "dateUpdated": "2024-08-07T09:52:59.926Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:turnkeywebtools:php_live_helper:*:*:*:*:*:*:*:*", "matchCriteriaId": "D7955136-21D9-43D2-8FC3-F929BB8C74AF", "versionEndIncluding": "2.0.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:turnkeywebtools:php_live_helper:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "824C4B8A-4A58-465E-9AD0-92AC3CCE01D6", "vulnerable": true}, {"criteria": "cpe:2.3:a:turnkeywebtools:php_live_helper:2.0:beta_1:*:*:*:*:*:*", "matchCriteriaId": "47FAC4AC-BCED-4469-AF56-B0FF3FA47EC5", "vulnerable": true}, {"criteria": "cpe:2.3:a:turnkeywebtools:php_live_helper:2.0:beta_2:*:*:*:*:*:*", "matchCriteriaId": "8E0355DB-27CE-4107-A12F-E65D9E3936E3", "vulnerable": true}, {"criteria": "cpe:2.3:a:turnkeywebtools:php_live_helper:2.0:beta_3:*:*:*:*:*:*", "matchCriteriaId": "6DB7C1FE-6A6C-4017-943C-C1BD7B9F141E", "vulnerable": true}, {"criteria": "cpe:2.3:a:turnkeywebtools:php_live_helper:2.0:beta_4:*:*:*:*:*:*", "matchCriteriaId": "017BA6C7-ADDD-4130-AD25-9AD26B9E2BB8", "vulnerable": true}, {"criteria": "cpe:2.3:a:turnkeywebtools:php_live_helper:2.0:beta_5:*:*:*:*:*:*", "matchCriteriaId": "AA4A9A64-A16B-485D-8451-C3271F1E0417", "vulnerable": true}, {"criteria": "cpe:2.3:a:turnkeywebtools:php_live_helper:2.0:beta_6:*:*:*:*:*:*", "matchCriteriaId": "ED67C8B9-9CEA-4E60-8364-53D280375D64", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Eval injection vulnerability in globalsoff.php in Turnkey PHP Live Helper 2.0.1 and earlier allows remote attackers to execute arbitrary PHP code via the test parameter, and probably arbitrary parameters, to chat.php."}, {"lang": "es", "value": "Una vulnerabilidad de inyecci\u00f3n Eval en el archivo globalsoff.php en PHP Live Helper de Turnkey versi\u00f3n 2.0.1 y anteriores, permite a atacantes remotos ejecutar c\u00f3digo PHP arbitrario por medio del par\u00e1metro test, y probablemente par\u00e1metros arbitrarios, en chat.php."}], "evaluatorSolution": "Upgrade to Version 2.1.0 - http://www.turnkeywebtools.com/esupport/index.php?_m=news&_a=viewnews&newsid=62", "id": "CVE-2008-3764", "lastModified": "2018-10-11T20:49:42.857", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-08-21T17:41:00.000", "references": [{"source": "cve@mitre.org", "url": "http://demos.turnkeywebtools.com/phplivehelper/docs/change_log.txt"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/31521"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/4178"}, {"source": "cve@mitre.org", "url": "http://www.gulftech.org/?node=research&article_id=00124-08162008"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/495542/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/30729"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44571"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/6261"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}]}