CVE-2008-5694

Sandbox 1.4.1 - Remote Code Execution via PHP File Inclusion

Title source: llm
STIX 2.1

Description

PHP remote file inclusion vulnerability in lib/jpgraph/jpgraph_errhandler.inc.php in Sandbox 1.4.1 might allow remote attackers to execute arbitrary PHP code via unspecified vectors. NOTE: the issue, if any, may be located in Aditus JpGraph rather than Sandbox. If so, then this should not be treated as an issue in Sandbox.

References (3)

Core 3
Core References
URL Repurposed x_refsource_misc
http://www.by-f10.com/bug.txt
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/47688
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/487903/100/200/threaded

Scores

EPSS 0.0220
EPSS Percentile 80.3%

Details

CWE
CWE-94
Status published
Products (1)
sandbox/sandbox 1.4.1
Published Dec 19, 2008
Tracked Since Feb 18, 2026