CVE-2008-3415 Information

Feb 14, 2021 cve

Description

Directory traversal vulnerability in common.php in CMScout 2.05 when .htaccess is not supported allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bit parameter as demonstrated by an upload to avatar/ of a .jpg file containing PHP sequences.

Reference

http://secunia.com/advisories/31243 http://securityreason.com/securityalert/4093 http://www.cmscout.co.za/index.php?page=news&id=29 http://www.securityfocus.com/bid/30385 http://www.vupen.com/english/advisories/2008/2218/references https://exchange.xforce.ibmcloud.com/vulnerabilities/44017 https://www.exploit-db.com/exploits/6142

Share on: