CVE-2008-6665

Published: Apr 8, 2009Modified: Apr 23, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

change.php in Ananta CMS 1.0b5, with magic_quotes_gpc disabled, allows remote attackers to gain administrator privileges via a crafted email parameter, possibly related to code injection.

Affected (1)

Products: Anantasoft: Ananta Cms

Anantasoft

1 product

Ananta Cms

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Anantasoft Ananta Cms	Version 1.0b5

Related CWEs

CWE-94

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (6)

http://www.securityfocus.com/bid/29752

Source: cve@mitre.org

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/43119

Source: cve@mitre.org

https://www.exploit-db.com/exploits/5824

Source: cve@mitre.org

http://www.securityfocus.com/bid/29752

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/43119

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.exploit-db.com/exploits/5824

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.