CVE-2008-5090
Anelectron Advanced Electron Forum < 1.0.6 - Code Injection
Title source: ruleDescription
Electron Inc. Advanced Electron Forum before 1.0.7 allows remote attackers to execute arbitrary PHP code via PHP code embedded in bbcode in the email parameter, which is processed by the preg_replace function with the eval switch.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by GulfTech Security · text · webapps · php
https://www.exploit-db.com/exploits/6499
References (8)
Core References
Vendor Advisory · x_refsource_confirm
http://www.anelectron.com/board/index.php?tid=3282
Third Party Advisory, VDB Entry · vdb-entry · x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/45270
Various Sources · x_refsource_misc
http://www.gulftech.org/?node=research&article_id=00131-09202008
Vendor Advisory · third-party-advisory · x_refsource_secunia
http://secunia.com/advisories/31978
Third Party Advisory, VDB Entry · mailing-list · x_refsource_bugtraq
http://www.securityfocus.com/archive/1/496552/100/0/threaded
Third Party Advisory · third-party-advisory · x_refsource_sreason
http://securityreason.com/securityalert/4598
Exploit, Third Party Advisory · exploit · x_refsource_exploit-db
https://www.exploit-db.com/exploits/6499
Exploit · vdb-entry · x_refsource_bid
http://www.securityfocus.com/bid/31268
Scores
EPSS
0.1427
EPSS Percentile
94.4%
Details
CWE
CWE-94
Status
published
Products (6)
anelectron/advanced_electron_forum 1.0.1
anelectron/advanced_electron_forum 1.0.2
anelectron/advanced_electron_forum 1.0.3
anelectron/advanced_electron_forum 1.0.4
anelectron/advanced_electron_forum 1.0.5
anelectron/advanced_electron_forum < 1.0.6
Published
Nov 14, 2008
Tracked Since
Feb 18, 2026