CVE-2008-6551 Information
Description
Multiple directory traversal vulnerabilities in e-Vision CMS 2.0.2 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) an adminlang cookie to admin/ind_ex.php; or the module parameter to (2) 3rdparty/adminpart/add3rdparty.php, (3) polling/adminpart/addpolling.php, (4) contact/adminpart/addcontact.php, (5) brandnews/adminpart/addbrandnews.php, (6) newsletter/adminpart/addnewsletter.php, (7) game/adminpart/addgame.php, (8) tour/adminpart/addtour.php, (9) articles/adminpart/addarticles.php, (10) product/adminpart/addproduct.php, or (11) plain/adminpart/addplain.php in modules/.
Reference
http://www.securityfocus.com/bid/32180
https://exchange.xforce.ibmcloud.com/vulnerabilities/46457
https://www.exploit-db.com/exploits/7031