Vulnerability Details: CVE-2008-5619
Public exploit exists!
html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMailer before 5.2.10, RoundCube Webmail (roundcubemail) 0.2-1.alpha and 0.2-3.beta, Mahara, and AtMail Open 1.03, allows remote attackers to execute arbitrary code via crafted input that is processed by the preg_replace function with the eval switch.
Vulnerability category: Execute code
Products affected by CVE-2008-5619
- cpe:2.3:a:roundcube:webmail:0.2.1:alpha:*:*:*:*:*:*
- cpe:2.3:a:roundcube:webmail:0.2.3:beta:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2008-5619
- 68.77%: probability of exploitation activity in the next 30 days
- ~98%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2008-5619
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST | |
CWE ids for CVE-2008-5619
- The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-5619
- https://www.exploit-db.com/exploits/7553
  Roundcube Webmail 0.2b - Remote Code Execution - PHP webapps Exploit
- http://www.vupen.com/english/advisories/2008/3419
- http://sourceforge.net/forum/forum.php?forum_id=898542
  Vendor Advisory
- https://github.com/PHPMailer/PHPMailer/commit/8beacc646acb67c995aea10ac5585970efc7355a
  Add security notices · PHPMailer/PHPMailer@8beacc6 · GitHub
- https://www.exploit-db.com/exploits/7549
  Roundcube Webmail 0.2-3 Beta - Code Execution - PHP webapps Exploit
- http://www.vupen.com/english/advisories/2008/3418
- https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00783.html
  [SECURITY] Fedora 8 Update: roundcubemail-0.2-4.beta.fc8
- http://www.openwall.com/lists/oss-security/2008/12/12/1
  oss-security - CVE Request - roundcubemail
- http://mahara.org/interaction/forum/topic.php?id=533
  Security Announcements - Remote code execution in Mahara 1.1.2 - Mahara ePortfolio System
- http://www.securityfocus.com/archive/1/499489/100/0/threaded
- http://trac.roundcube.net/ticket/1485618
  Exploit
- http://trac.roundcube.net/changeset/2148
  Exploit
- https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00802.html
  [SECURITY] Fedora 9 Update: roundcubemail-0.2-4.beta.fc9