CVE-2008-6474
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2008-6474
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
The management interface in F5 BIG-IP 9.4.3 allows remote authenticated users with Resource Manager privileges to inject arbitrary Perl code via unspecified configuration settings related to Perl EP3 with templates, probably triggering static code injection.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
F5 BIG-IP管理接口NEW_VALUE参数远程代码注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
F5 BIG-IP是美国F5公司的一款集成了网络流量管理、应用程序安全管理、负载均衡等功能的多合一网络设备。 BIG-IP的配置工具实现上存在输入验证漏洞,远程攻击者可能利用此漏洞在系统上执行任意命令。 Web管理接口和CLI所使用的F5 BIG-IP重新配置工具没有正确地过滤某些重新配置请求,如果登录用户拥有Resource Manager或Administrator权限的话,就可以注入任意Perl代码,生成Unix shell命令并以root用户权限执行。 这个漏洞的起因是未经转义NEW_VALUE中
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | n/a | n/a | - |
II. Public POCs for CVE-2008-6474
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2008-6474
Please Login to view more intelligence information
Same Patch Batch · n/a · 2009-03-16 · 17 CVEs total
| CVE-2008-6478 | Parallels Virtuozzo Containers VZPP WEB界面文件管理器跨站请求伪造漏洞 | |
| CVE-2008-6479 | Parallels Virtuozzo Containers VZPP界面跨站请求伪造漏洞 | |
| CVE-2008-6480 | Softnews Media Group DataLife Engine 'engine/modules/imagepreview.php' 跨站请求伪造漏洞 | |
| CVE-2009-0508 | IBM WebSphere Application Server WAR File 信息泄露漏洞 | |
| CVE-2009-0914 | Opera Web Browser内存溢出漏洞 | |
| CVE-2009-0915 | Opera 跨站脚本漏洞 | |
| CVE-2009-0916 | Opera Web Browser未明安全漏洞 | |
| CVE-2009-0917 | Dflabs PTK forensic图像跨站脚本攻击漏洞 | |
| CVE-2009-0918 | Dflabs PTK外部工具和特制forensic图像任意指令执行漏洞 | |
| CVE-2009-0919 | ApacheFriends XAMPP信任管理漏洞 | |
| CVE-2009-0912 | Mandriva perl-MDK-Common 未明特权升级漏洞 | |
| CVE-2009-0913 | Sun Solaris Keysock Kernel Module 本地拒绝服务漏洞 | |
| CVE-2008-6473 | Blogator-script 'init_pass2.php' 用户密码变更漏洞 | |
| CVE-2008-6475 | Drake CMS HTTP 'components/guestbook/guestbook.php' SQL注入漏洞 | |
| CVE-2008-6476 | BlogEngine.NET 'blog/search.aspx'跨站脚本攻击漏洞 | |
| CVE-2008-6477 | Mumbo Jumbo Media OP4 'index.php' SQL注入漏洞 |
IV. Related Vulnerabilities
Same vendor: n/a
- CVE-2026-8224
Open5GS PCF context.c pcf_sess_set_ipv6prefix denial of serv - CVE-2026-8223
Open5GS sm-policies Endpoint pcf_sess_sbi_discover_and_send - CVE-2026-8222
Open5GS sm-policies Endpoint nbsf-handler.c pcf_nbsf_managem - CVE-2026-8196
JeecgBoot mLogin Endpoint LoginController.java authorization - CVE-2026-8195
JeecgBoot SVG File CommonController.java cross site scriptin
V. Comments for CVE-2008-6474
No comments yet