Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-2672


Vulnerability Score 7.5 7.5
CVE Id CVE-2008-2672
Last Modified 29 Jan 2009 01:50:54
Published 11 Jun 2008 10:32:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



Multiple directory traversal vulnerabilities in ErfurtWiki R1.02b and earlier, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) ewiki_id and (2) ewiki_action parameters to fragments/css.php, and possibly the (3) id parameter to the default URI. NOTE: the default URI is site-specific but often performs an include_once of ewiki.php.

Vulnerable Systems


  • Erfurtwiki R1.02b


XF - erfurtwiki-css-file-include(42981)

BID - 29628

BUGTRAQ - 20080610 [web-app] ErfurtWiki <= R1.02b (css) Local File Inclusion Vulnerability

MILW0RM - 5771

SREASON - 3936


Last Updated: 27 May 2016 10:47:56