Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1624

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2008-1624
Last Modified 18 Mar 2009 01:35:48
Published 02 Apr 2008 01:44:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-1624

Summary

Directory traversal vulnerability in v2demo/page.php in Jshop Server 1.x through 2.x allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the xPage parameter.

Vulnerable Systems

Application

  • Whorl Ltd Jshop Server 1

  • Whorl Ltd Jshop Server 2


References

XF - jshop-page-file-include(41524)

BID - 28501

MILW0RM - 5325


Last Updated: 27 May 2016 10:47:36