CVE-2008-6665

Description

change.php in Ananta CMS 1.0b5, with magic_quotes_gpc disabled, allows remote attackers to gain administrator privileges via a crafted email parameter, possibly related to code injection.

Affected products

• anantasoft / ananta_cms1.0b5 – 1.0b5

References

• EXPLOIThttps://www.exploit-db.com/exploits/5824
• MISChttp://www.securityfocus.com/bid/29752
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/43119