Home > Vulnerability Database > CVE-2008-5906

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2008-5906

Date: January 15, 2009

Eval injection vulnerability in the web interface plugin in KTorrent before 3.1.4 allows remote attackers to execute arbitrary PHP code via unspecified parameters to this interface's PHP scripts.

Severity Score

5.6

Related Resources (16)

Url: http://secunia.com/advisories/32442

Url: http://secunia.com/advisories/33675

Url: http://ktorrent.org/?q=node/23

Url: http://www.securityfocus.com/bid/31927

Url: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504178

Url: https://nvd.nist.gov/vuln/detail/CVE-2008-5906

Url: http://www.vupen.com/english/advisories/2008/2911

Url: http://www.ubuntu.com/usn/USN-711-1

Url: http://secunia.com/advisories/32447

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/46118

Url: http://secunia.com/advisories/34003

Url: https://bugs.gentoo.org/show_bug.cgi?id=244741

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2008-5906

Url: http://security.gentoo.org/glsa/glsa-200902-05.xml

Url: http://openwall.com/lists/oss-security/2009/01/08/1

Url: https://www.mend.io/vulnerability-database/CVE-2008-5906

Severity Score

5.6

Weakness Type (CWE)

Improper Input Validation

CWE-20

CVSS v3.1

Base Score:	5.6
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

CVSS v2

Base Score:	6.8
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Do you need more information?

Contact Us