VYPR
Unrated severity · NVD Advisory · Published Apr 30, 2008 · Updated Jun 16, 2026

CVE-2008-2018

Description

The AssignUser function in template.class.php in PHPizabi 0.848b C1 HFP3 performs unsafe macro expansions on strings delimited by '{' and '}' characters, which allows remote authenticated users to obtain sensitive information via a comment containing a macro, as demonstrated by a "{user.password}" comment in the profile of the admin user.

Affected products

2
  • Phpizabi/Phpizabi (2 versions)
    • cpe:2.3:a:phpizabi:phpizabi:0.848b:*:*:*:*:*:*:*
    • (no CPE) range: 0.848b C1 HFP3

References

3
