CVE-2008-0612
Severity CVSS v4.0:
Pending analysis
Type:
CWE-22
Path Traversal
Publication date:
06/02/2008
Last modified:
15/10/2018
Description
Directory traversal vulnerability in htdocs/install/index.php in XOOPS 2.0.18 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.
Impact
Base Score 2.0
7.50
Severity 2.0
HIGH
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:xoops:xoops:2.0.18:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://securityreason.com/securityalert/3614
- http://www.securityfocus.com/archive/1/487484/100/0/threaded
- http://www.securityfocus.com/bid/27622
- http://xoops.svn.sourceforge.net/viewvc/xoops/XoopsCore/branches/2.0.x/2.0.18.1/docs/changelog.txt?r1=1283&r2=1282&pathrev=1283
- http://xoops.svn.sourceforge.net/viewvc/xoops?view=rev&revision=1283
- https://www.exploit-db.com/exploits/5057