
CVE-2008-2018 Detail

Description

The AssignUser function in template.class.php in PHPizabi 0.848b C1 HFP3 performs unsafe macro expansions on strings delimited by '{' and '}' characters, which allows remote authenticated users to obtain sensitive information via a comment containing a macro, as demonstrated by a "{user.password}" comment in the profile of the admin user.


Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:

NIST CVSS score
NIST: NVD
N/A
NVD assessment not yet provided.
CVSS 3.x Severity and Vector Strings:

NIST CVSS score
NIST: NVD
Base Score:  N/A
NVD assessment not yet provided.
CVSS 2.0 Severity and Vector Strings:

National Institute of Standards and Technology
NIST: NVD
Base Score:  4.0 MEDIUM
Vector:  (AV:N/AC:L/Au:S/C:P/I:N/A:N)

References to Advisories, Solutions, and Tools


URL Source(s) Tag(s)
http://www.securityfocus.com/bid/28954 CVE, MITRE
https://exchange.xforce.ibmcloud.com/vulnerabilities/42143 CVE, MITRE
https://www.exploit-db.com/exploits/5506 CVE, MITRE

Weakness Enumeration

CWE-ID CWE Name Source
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor NIST


Change History

5 change records found

CVE Modified by CVE 11/20/2024 7:45:53 PM

Action Type Old Value New Value
Added Reference
http://www.securityfocus.com/bid/28954


Added Reference
https://exchange.xforce.ibmcloud.com/vulnerabilities/42143


Added Reference
https://www.exploit-db.com/exploits/5506


CVE Modified by MITRE 5/13/2024 9:52:25 PM

Action Type Old Value New Value

CVE Modified by MITRE 9/28/2017 9:30:59 PM

Action Type Old Value New Value
Added Reference
https://www.exploit-db.com/exploits/5506 [No Types Assigned]


Removed Reference
http://www.milw0rm.com/exploits/5506 [Exploit]


CVE Modified by MITRE 8/07/2017 9:30:41 PM

Action Type Old Value New Value
Added Reference
https://exchange.xforce.ibmcloud.com/vulnerabilities/42143 [No Types Assigned]


Removed Reference
http://xforce.iss.net/xforce/xfdb/42143 [No Types Assigned]


Initial CVE Analysis 5/01/2008 7:10:00 PM

Action Type Old Value New Value

Quick Info

CVE Dictionary Entry:
CVE-2008-2018
NVD Published Date:
04/29/2008
NVD Last Modified:
04/08/2025
Source:
MITRE