CVE-2008-5204 Information

Description

Multiple directory traversal vulnerabilities in PowerAward 1.1.0 RC1 when register_globals is enabled allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the lang parameter to (1) agb.php (2) angemeldet.php (3) anmelden.php (4) charts.php (5) external_vote.php (6) guestbook.php (7) impressum.php (8) index.php (9) rss-reader.php (10) statistic.php (11) teilnehmer.php (12) topsites.php (13) votecode.php (14) voting.php and (15) winner.php.

Reference

http://www.securityfocus.com/bid/29993 https://exchange.xforce.ibmcloud.com/vulnerabilities/43463 https://www.exploit-db.com/exploits/5962