This CPE summary could be partial or incomplete. Please contact us for a detailed listing.
Summary
| Detail | |||
|---|---|---|---|
| Vendor | Phpizabi | First view | 2008-04-29 |
| Product | Phpizabi | Last view | 2008-04-29 |
| Version | 0.848b | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:phpizabi:phpizabi | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 4 | 2008-04-29 | CVE-2008-2018 | The AssignUser function in template.class.php in PHPizabi 0.848b C1 HFP3 performs unsafe macro expansions on strings delimited by '{' and '}' characters, which allows remote authenticated users to obtain sensitive information via a comment containing a macro, as demonstrated by a "{user.password}" comment in the profile of the admin user. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 100% (1) | CWE-200 | Information Exposure |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 44778 | PHPizabi template.class.php AssignUser Function Remote Information Disclosure |
