CVE-2008-3922

critical

Description

awstatstotals.php in AWStats Totals 1.0 through 1.14 allows remote attackers to execute arbitrary code via PHP sequences in the sort parameter, which is used by the multisort function when dynamically creating an anonymous PHP function.

References

https://www.exploit-db.com/exploits/6368

https://exchange.xforce.ibmcloud.com/vulnerabilities/44712

http://www.vupen.com/english/advisories/2008/2442

http://www.telartis.nl/xcms/awstats/

http://www.securityfocus.com/bid/30856

http://www.securityfocus.com/archive/1/495770/100/0/threaded

http://www.exploit-db.com/exploits/17324

http://userwww.service.emory.edu/~ekenda2/EMORY-2008-01.txt

http://securityreason.com/securityalert/8259

http://securityreason.com/securityalert/4218

http://secunia.com/advisories/31630

Details

Source: Mitre, NVD

Published: 2008-09-04

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

Detections

Analytics