CVE: CVE-2008-2018

Export to Word

The AssignUser function in template.class.php in PHPizabi 0.848b C1 HFP3 performs unsafe macro expansions on strings delimited by '{' and '}' characters, which allows remote authenticated users to obtain sensitive information via a comment containing a macro, as demonstrated by a "{user.password}" comment in the profile of the admin user.

Threat-Mapped Scoring

Score: 3.0

Priority: P2 - Serious (High)

S1 – Steal Customer Account Information

EPSS

Score: 0.02386
Percentile: 0.84338

CVSS Scoring

CVSS v2 Score: 4.0

Severity:

Mapped CWE(s)

CWE-200 : Exposure of Sensitive Information to an Unauthorized Actor

All CAPEC(s)

CAPEC-116: Excavation
CAPEC-13: Subverting Environment Variable Values
CAPEC-169: Footprinting
CAPEC-22: Exploiting Trust in Client
CAPEC-224: Fingerprinting
CAPEC-285: ICMP Echo Request Ping
CAPEC-287: TCP SYN Scan
CAPEC-290: Enumerate Mail Exchange (MX) Records
CAPEC-291: DNS Zone Transfers
CAPEC-292: Host Discovery
CAPEC-293: Traceroute Route Enumeration
CAPEC-294: ICMP Address Mask Request
CAPEC-295: Timestamp Request
CAPEC-296: ICMP Information Request
CAPEC-297: TCP ACK Ping
CAPEC-298: UDP Ping
CAPEC-299: TCP SYN Ping
CAPEC-300: Port Scanning
CAPEC-301: TCP Connect Scan
CAPEC-302: TCP FIN Scan
CAPEC-303: TCP Xmas Scan
CAPEC-304: TCP Null Scan
CAPEC-305: TCP ACK Scan
CAPEC-306: TCP Window Scan
CAPEC-307: TCP RPC Scan
CAPEC-308: UDP Scan
CAPEC-309: Network Topology Mapping
CAPEC-310: Scanning for Vulnerable Software
CAPEC-312: Active OS Fingerprinting
CAPEC-313: Passive OS Fingerprinting
CAPEC-317: IP ID Sequencing Probe
CAPEC-318: IP 'ID' Echoed Byte-Order Probe
CAPEC-319: IP (DF) 'Don't Fragment Bit' Echoing Probe
CAPEC-320: TCP Timestamp Probe
CAPEC-321: TCP Sequence Number Probe
CAPEC-322: TCP (ISN) Greatest Common Divisor Probe
CAPEC-323: TCP (ISN) Counter Rate Probe
CAPEC-324: TCP (ISN) Sequence Predictability Probe
CAPEC-325: TCP Congestion Control Flag (ECN) Probe
CAPEC-326: TCP Initial Window Size Probe
CAPEC-327: TCP Options Probe
CAPEC-328: TCP 'RST' Flag Checksum Probe
CAPEC-329: ICMP Error Message Quoting Probe
CAPEC-330: ICMP Error Message Echoing Integrity Probe
CAPEC-472: Browser Fingerprinting
CAPEC-497: File Discovery
CAPEC-508: Shoulder Surfing
CAPEC-573: Process Footprinting
CAPEC-574: Services Footprinting
CAPEC-575: Account Footprinting
CAPEC-576: Group Permission Footprinting
CAPEC-577: Owner Footprinting
CAPEC-59: Session Credential Falsification through Prediction
CAPEC-60: Reusing Session IDs (aka Session Replay)
CAPEC-616: Establish Rogue Location
CAPEC-643: Identify Shared Files/Directories on System
CAPEC-646: Peripheral Footprinting
CAPEC-651: Eavesdropping
CAPEC-79: Using Slashes in Alternate Encoding

CAPEC(s) with Mapped TTPs

CAPEC-13: Subverting Environment Variable Values
Mapped TTPs:
- T1562.003 : Impair Command History Logging
- T1574.006 : Dynamic Linker Hijacking
- T1574.007 : Path Interception by PATH Environment Variable
CAPEC-169: Footprinting
Mapped TTPs:
- T1217 : Browser Information Discovery
- T1592 : Gather Victim Host Information
- T1595 : Active Scanning
CAPEC-292: Host Discovery
Mapped TTPs:
- T1018 : Remote System Discovery
CAPEC-295: Timestamp Request
Mapped TTPs:
- T1124 : System Time Discovery
CAPEC-300: Port Scanning
Mapped TTPs:
- T1046 : Network Service Discovery
CAPEC-309: Network Topology Mapping
Mapped TTPs:
- T1016 : System Network Configuration Discovery
- T1049 : System Network Connections Discovery
- T1590 : Gather Victim Network Information
CAPEC-312: Active OS Fingerprinting
Mapped TTPs:
- T1082 : System Information Discovery
CAPEC-313: Passive OS Fingerprinting
Mapped TTPs:
- T1082 : System Information Discovery
CAPEC-497: File Discovery
Mapped TTPs:
- T1083 : File and Directory Discovery
CAPEC-573: Process Footprinting
Mapped TTPs:
- T1057 : Process Discovery
CAPEC-574: Services Footprinting
Mapped TTPs:
- T1007 : System Service Discovery
CAPEC-575: Account Footprinting
Mapped TTPs:
- T1087 : Account Discovery
CAPEC-576: Group Permission Footprinting
Mapped TTPs:
- T1069 : Permission Groups Discovery
- T1615 : Group Policy Discovery
CAPEC-577: Owner Footprinting
Mapped TTPs:
- T1033 : System Owner/User Discovery
CAPEC-60: Reusing Session IDs (aka Session Replay)
Mapped TTPs:
- T1134.001 : Token Impersonation/Theft
- T1550.004 : Web Session Cookie
CAPEC-616: Establish Rogue Location
Mapped TTPs:
- T1036.005 : Match Legitimate Resource Name or Location
CAPEC-643: Identify Shared Files/Directories on System
Mapped TTPs:
- T1135 : Network Share Discovery
CAPEC-646: Peripheral Footprinting
Mapped TTPs:
- T1120 : Peripheral Device Discovery
CAPEC-651: Eavesdropping
Mapped TTPs:
- T1111 : Multi-Factor Authentication Interception

Mapped ATT&CK TTPs

T1562.003 : Impair Command History Logging
Kill Chain: defense-evasion
T1574.006 : Dynamic Linker Hijacking
Kill Chain: persistence
T1574.007 : Path Interception by PATH Environment Variable
Kill Chain: persistence
T1217 : Browser Information Discovery
Kill Chain: discovery
T1592 : Gather Victim Host Information
Kill Chain: reconnaissance
T1595 : Active Scanning
Kill Chain: reconnaissance
T1018 : Remote System Discovery
Kill Chain: discovery
T1124 : System Time Discovery
Kill Chain: discovery
T1046 : Network Service Discovery
Kill Chain: discovery
T1016 : System Network Configuration Discovery
Kill Chain: discovery
T1049 : System Network Connections Discovery
Kill Chain: discovery
T1590 : Gather Victim Network Information
Kill Chain: reconnaissance
T1082 : System Information Discovery
Kill Chain: discovery
T1082 : System Information Discovery
Kill Chain: discovery
T1083 : File and Directory Discovery
Kill Chain: discovery
T1057 : Process Discovery
Kill Chain: discovery
T1007 : System Service Discovery
Kill Chain: discovery
T1087 : Account Discovery
Kill Chain: discovery
T1069 : Permission Groups Discovery
Kill Chain: discovery
T1615 : Group Policy Discovery
Kill Chain: discovery
T1033 : System Owner/User Discovery
Kill Chain: discovery
T1134.001 : Token Impersonation/Theft
Kill Chain: defense-evasion
T1550.004 : Web Session Cookie
Kill Chain: defense-evasion
T1036.005 : Match Legitimate Resource Name or Location
Kill Chain: defense-evasion
T1135 : Network Share Discovery
Kill Chain: discovery
T1120 : Peripheral Device Discovery
Kill Chain: discovery
T1111 : Multi-Factor Authentication Interception
Kill Chain: credential-access

Malware

APTs Threat Group Associations

Campaigns

C0027
Operation Wocao
FunnyDream
ArcaneDoor
SolarWinds Compromise
Operation CuckooBees
Juicy Mix
CostaRicto
Operation Honeybee
2016 Ukraine Electric Power Attack
RedDelta Modified PlugX Infection Chain Operations
2015 Ukraine Electric Power Attack
C0018
Operation Dream Job
C0015
Frankenstein
Outer Space
Night Dragon
Leviathan Australian Intrusions
ShadowRay
C0032
HomeLand Justice
C0017
Operation Sharpshooter
Cutting Edge
J-magic Campaign
Triton Safety Instrumented System Attack
KV Botnet Activity

Affected Products

cpe:2.3:a:phpizabi:phpizabi:0.848b:*:*:*:*:*:*:*

← Back to Home