CVE-2008-5090

critical

Description

Electron Inc. Advanced Electron Forum before 1.0.7 allows remote attackers to execute arbitrary PHP code via PHP code embedded in bbcode in the email parameter, which is processed by the preg_replace function with the eval (/e) modifier.

References

https://www.exploit-db.com/exploits/6499

https://exchange.xforce.ibmcloud.com/vulnerabilities/45270

http://www.securityfocus.com/archive/1/496552/100/0/threaded

http://www.gulftech.org/?node=research&article_id=00131-09202008

http://www.anelectron.com/board/index.php?tid=3282

http://securityreason.com/securityalert/4598

http://secunia.com/advisories/31978

Details

Source: Mitre, NVD

Published: 2008-11-14

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.10554