CVE-2008-6669

Dirk Bartley Nweb2fax < 0.2.7 - OS Command Injection

Title source: rule

Description

viewrq.php in nweb2fax 0.2.7 and earlier allows remote attackers to execute arbitrary code via shell metacharacters in the var_filename parameter in a (1) tif or (2) pdf format action.

Exploits (1)

exploitdb WORKING POC VERIFIED

by dun · textwebappsphp

https://www.exploit-db.com/exploits/5856

View Code ZIP pw:eip

References (3)

Core 3

Core References

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/5856

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/29804

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/43174

Scores

EPSS 0.0571

EPSS Percentile 90.5%

Details

CWE

CWE-78

Status published

Products (7)

dirk_bartley/nweb2fax 0.1

dirk_bartley/nweb2fax 0.2

dirk_bartley/nweb2fax 0.2.1

dirk_bartley/nweb2fax 0.2.4

dirk_bartley/nweb2fax 0.2.5

dirk_bartley/nweb2fax 0.2.6

dirk_bartley/nweb2fax < 0.2.7

Published Apr 08, 2009

Tracked Since Feb 18, 2026