CVE-2008-7268

Description

The phpinfo function in SiteEngine 5.x allows remote attackers to obtain system information by setting the action parameter to php_info in misc.php.

Affected products

• boka / siteengine5.0 – 5.0

References

• EXPLOIThttps://www.exploit-db.com/exploits/6823
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/46180
• VENDOR_ADVISORYhttp://secunia.com/advisories/32404
• MISChttp://www.securityfocus.com/archive/1/497747/100/0/threaded