Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-3415

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2008-3415
Last Modified 07 Mar 2011 10:10:45
Published 31 Jul 2008 01:41:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-3415

Summary

Directory traversal vulnerability in common.php in CMScout 2.05, when .htaccess is not supported, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bit parameter, as demonstrated by an upload to avatar/ of a .jpg file containing PHP sequences.

Vulnerable Systems

Application

  • Cmscout 2.05


References

XF - cmscout-common-file-include(44017)

VUPEN - ADV-2008-2218

BID - 30385

MILW0RM - 6142

CONFIRM - http://www.cmscout.co.za/index.php?page=news&id=29

SREASON - 4093

SECUNIA - 31243


Last Updated: 27 May 2016 10:48:12