VYPR
Unrated severityNVD Advisory· Published Jun 3, 2008· Updated Jun 16, 2026

CVE-2008-2520

CVE-2008-2520

Description

Multiple PHP remote file inclusion vulnerabilities in BigACE 2.4, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[_BIGACE][DIR][addon] parameter to (a) addon/smarty/plugins/function.captcha.php and (b) system/classes/sql/AdoDBConnection.php; and the (2) GLOBALS[_BIGACE][DIR][admin] parameter to (c) item_information.php and (d) jstree.php in system/application/util/, and (e) system/admin/plugins/menu/menuTree/plugin.php, different vectors than CVE-2006-4423.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Bigace/Bigace2 versions
    cpe:2.3:a:bigace:bigace:2.4:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:bigace:bigace:2.4:*:*:*:*:*:*:*
    • (no CPE)range: = 2.4

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.