CVE-2008-6999

Published: Aug 19, 2009Modified: Apr 23, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

phpAuction 3.2, and possibly 3.3.0 GPL Basic edition, allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function.

Affected (2)

Products: Phpauction: Phpauction

Phpauction

1 product

Phpauction

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Phpauction Phpauction	Version 3.2
Phpauction Phpauction	Version 3.3.0

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (8)

http://osvdb.org/47939

Source: cve@mitre.org

Exploit

http://packetstorm.linuxsecurity.com/0809-exploits/phpauction32-rfi.txt

Source: cve@mitre.org

Exploit

http://secunia.com/advisories/31803

Source: cve@mitre.org

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/44936

Source: cve@mitre.org

http://osvdb.org/47939

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://packetstorm.linuxsecurity.com/0809-exploits/phpauction32-rfi.txt

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://secunia.com/advisories/31803

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/44936

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.