CVE-2008-6773

Peterselie Yourplace < 1.0.2 - Code Injection

Title source: rule

Description

Static code injection vulnerability in user/internettoolbar/edit.php in YourPlace 1.0.2 and earlier allows remote authenticated users to execute arbitrary PHP code into user/internettoolbar/index.php via the (1) fav1_url, (2) fav1_name, (3) fav2_url, (4) fav2_name, (5) fav3_url, (6) fav3_name, (7) fav4_url, (8) fav4_name, (9) fav5_url, or (10) fav5_name parameters.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Osirys · textwebappsphp

https://www.exploit-db.com/exploits/7545

View Code ZIP pw:eip

References (4)

Core 4

Core References

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/32971

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/7545

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/33272

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/47562

Scores

EPSS 0.0319

EPSS Percentile 87.0%

Details

CWE

CWE-94

Status published

Products (3)

peterselie/yourplace 1.0

peterselie/yourplace 1.0.1

peterselie/yourplace < 1.0.2

Published Apr 29, 2009

Tracked Since Feb 18, 2026