What is CVE-2008-3922?

CVE-2008-3922 is a vulnerability in N/a. Published 2008-09-04.

Is CVE-2008-3922 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2008-3922

awstatstotals.php in AWStats Totals 1.0 through 1.14 allows remote attackers to execute arbitrary code via PHP sequences in the sort parameter, which is used by the multisort function when dynamically creating an anonymous PHP function.

EPSS: 0.914 (99.7th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

References

6368 (exploit, x_refsource_EXPLOIT-DB)
17324 (exploit, x_refsource_EXPLOIT-DB)
userwww.service.emory.edu/~ekenda2/EMORY-2008-01.txt (x_refsource_MISC)
www.telartis.nl/xcms/awstats/ (x_refsource_CONFIRM)
awstatstotals-multisort-command-execution(44712) (vdb-entry, x_refsource_XF)
4218 (x_refsource_SREASON, third-party-advisory)
ADV-2008-2442 (vdb-entry, x_refsource_VUPEN)
31630 (x_refsource_SECUNIA, third-party-advisory)
8259 (x_refsource_SREASON, third-party-advisory)
30856 (vdb-entry, x_refsource_BID)

Frequently asked questions

What is CVE-2008-3922?: CVE-2008-3922 is a vulnerability in N/a. Published 2008-09-04.
Is CVE-2008-3922 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.