Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.5
CVE Id CVE-2008-1409
Last Modified 07 Mar 2011 10:07:03
Published 20 Mar 2008 06:44:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-1409

Summary

Multiple directory traversal vulnerabilities in the Default theme in Exero CMS 1.0.1 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the theme parameter to (1) index.php, (2) editpassword.php, and (3) avatar.php in usercp/; (4) custompage.php; (5) errors/404.php; (6) memberslist.php and (7) profile.php in members/; (8) index.php and (9) fullview.php in news/; and (10) nopermission.php.

Vulnerable Systems

Application

  • Exero CMS 1.0.1


References

VUPEN - ADV-2008-0909

MILW0RM - 5265

XF - exerocms-theme-file-include(41238)

BID - 28273


Last Updated: 27 May 2016 10:47:08