Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-2982

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2008-2982
Last Modified 05 Sep 2008 05:41:47
Published 02 Jul 2008 01:14:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-2982

Summary

Multiple directory traversal vulnerabilities in HomePH Design 2.10 RC2, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) thumb_template parameter to (a) admin/templates/template_thumbnail.php, and the (2) language parameter to (b) account/account.php, (c) downloads/downloads.php, (d) forum/forum.php, (e) fotogalerie/delete.php, and (f) fotogalerie/fotogalerie.php in admin/features/.

Vulnerable Systems

Application

  • Homeph Design 2.10


References

XF - homephdesign-language-file-include(43258)

MILW0RM - 5903


Last Updated: 27 May 2016 10:48:02