CVE-2008-6446

Geniuscyber Maxsite - Code Injection

Title source: rule

Description

Static code injection vulnerability in the Guestbook component in CMS MAXSITE allows remote attackers to inject arbitrary PHP code into the guestbook via the message parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by CWH Underground · perlwebappsphp

https://www.exploit-db.com/exploits/7322

View Code ZIP pw:eip

References (3)

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/7322

[Exploit] http://www.securityfocus.com/bid/32588

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/47025

Scores

EPSS 0.0320

EPSS Percentile 87.0%

Details

CWE

CWE-94

Status published

Products (1)

geniuscyber/maxsite

Published Mar 09, 2009

Tracked Since Feb 18, 2026