CVE-2008-6036

Published: Feb 3, 2009Modified: Apr 23, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

PHP remote file inclusion vulnerability in main.inc.php in BaseBuilder 2.0.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mj_config[src_path] parameter.

Affected (8)

Products: Basebuilder: Basebuilder

1 product

Configuration A

8 vulnerable

Vulnerable Software	Affected Versions
Basebuilder Basebuilder	Up to 2.0.1
Basebuilder Basebuilder	Version 1.0.3
Basebuilder Basebuilder	Version 1.0
Basebuilder Basebuilder	Version 1.0 rc1
Basebuilder Basebuilder	Version 1.0 rc3
Basebuilder Basebuilder	Version 2.0
Basebuilder Basebuilder	Version 2.0 alpha
Basebuilder Basebuilder	Version 2.0 beta

Related CWEs

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (10)

http://secunia.com/advisories/31947

Source: cve@mitre.org

http://www.securityfocus.com/bid/31330

Source: cve@mitre.org

Exploit

http://www.vupen.com/english/advisories/2008/2653

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/45337

Source: cve@mitre.org

https://www.exploit-db.com/exploits/6533

Source: cve@mitre.org

http://secunia.com/advisories/31947

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/31330

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.vupen.com/english/advisories/2008/2653

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/45337

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.exploit-db.com/exploits/6533

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.