VDB
CVE-2008-3400
CVE-2008-3400
PUBLISHED
CVSS 4.300000190734863 MEDIUM
XRMS CRM 1.99.2 allows remote attackers to obtain configuration information via a direct request to tests/info.php, which calls the phpinfo function.
EPSS 5.99% · 90.9th percentile
Risk Scores
CVSS 2.0
4.300000190734863
EPSS Score
5.99%
90.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | * |
| xrms | xrms_crm | 1.99.2 |
Timeline
- Jul 25, 2008 PoC Published
- Jul 31, 2008 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
References
- 6131 exploit
- 31233 third-party-advisory
- xrmscrm-info-info-disclosure(43995) vdb
- 20080725 XRMS 1.99.2 (RFI/XSS/IG) Multiple Remote Vulnerabilities mailing-list
- 4081 third-party-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2008-3400 advisory