CVE-2008-2128

Published: May 9, 2008Modified: Apr 23, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

PHP remote file inclusion vulnerability in templates/header.php in CMS Faethon 2.2 Ultimate allows remote attackers to execute arbitrary PHP code via a URL in the mainpath parameter, a different vulnerability than CVE-2006-5588 and CVE-2006-3185.

Affected (1)

Products: Cms Faethon: Cms Faethon

Cms Faethon

1 product

Cms Faethon

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Cms Faethon Cms Faethon	Version 2.2

Related CWEs

CWE-94

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (4)

https://exchange.xforce.ibmcloud.com/vulnerabilities/42376

Source: cve@mitre.org

https://www.exploit-db.com/exploits/5558

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/42376

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.exploit-db.com/exploits/5558

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.