Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-2128

Overview

Vulnerability Score 4.6 4.6
CVE Id CVE-2002-2128
Last Modified 05 Sep 2008 04:32:24
Published 31 Dec 2002 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2002-2128

Summary

editform.php in w-Agora 4.1.5 allows local users to execute arbitrary PHP code via .. (dot dot) sequences in the file parameter.

Vulnerable Systems

Application

  • W-agora 4.1.5


References

BID - 6463

XF - wagora-editform-file-include(10919)

BUGTRAQ - 20021219 XSS and PHP include bug in W-Agora

BUGTRAQ - 20021220 Re: XSS and PHP include bug in W-Agora


Last Updated: 27 May 2016 10:37:37