CVE-2008-3308

Description

PHP remote file inclusion vulnerability in cuenta/cuerpo.php in C. Desseno YouTube Blog (ytb) 0.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the base_archivo parameter.

Affected products

• carlos_desseno / youtube_blog0.1 – 0.1

References

• MISChttp://securityreason.com/securityalert/4037
• VENDOR_ADVISORYhttp://secunia.com/advisories/31161
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/43952
• EXPLOIThttps://www.exploit-db.com/exploits/6117
• MISChttp://www.securityfocus.com/bid/30345