← back
CVE-2008-2018

CVE-2008-2018

EPSS 2.2%
The AssignUser function in template.class.php in PHPizabi 0.848b C1 HFP3 performs unsafe macro expansions on strings delimited by '{' and '}' characters, which allows remote authenticated users to obtain sensitive information via a comment containing a macro, as demonstrated by a "{user.password}" comment in the profile of the admin user.
Affected products
n/a · n/a
public PoCs found1
cve_referencewww.exploit-db.com/exploits/5506unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/42143https://www.exploit-db.com/exploits/5506http://www.securityfocus.com/bid/28954