CVE-2008-2230

reportbug 3.8 and 3.31 - Unauthenticated Remote Code Execution via Malicious Module File

Title source: llm
STIX 2.1

Description

Untrusted search path vulnerability in (1) reportbug 3.8 and 3.31, and (2) reportbug-ng before 0.2008.06.04, allows local users to execute arbitrary code via a malicious module file in the current working directory.

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/43001

Scores

EPSS 0.0053
EPSS Percentile 40.6%

Details

CWE
CWE-94
Status published
Products (41)
reportbug-ng/reportbug 3.8
reportbug-ng/reportbug 3.31
reportbug-ng/reportbug-ng 0.2007.03.10
reportbug-ng/reportbug-ng 0.2007.03.11
reportbug-ng/reportbug-ng 0.2007.03.13
reportbug-ng/reportbug-ng 0.2007.03.14
reportbug-ng/reportbug-ng 0.2007.03.15
reportbug-ng/reportbug-ng 0.2007.03.17
reportbug-ng/reportbug-ng 0.2007.03.19
reportbug-ng/reportbug-ng 0.2007.03.19.2
... and 31 more
Published Jun 11, 2008
Tracked Since Feb 18, 2026