Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 9.3
CVE Id CVE-2008-2898
Last Modified 14 Apr 2009 01:32:55
Published 27 Jun 2008 02:41:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-2898

Summary

Directory traversal vulnerability in includes/header.php in Hedgehog-CMS 1.21 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the c_temp_path parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.

Vulnerable Systems

Application

  • Hedgehog-cms 1.21


References

XF - hedgehogcms-header-file-include(43277)

MILW0RM - 5904

SECUNIA - 30778

OSVDB - 46480


Last Updated: 27 May 2016 10:48:01