Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-4741

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2008-4741
Last Modified 01 Sep 2009 01:21:09
Published 27 Oct 2008 01:21:27
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-4741

Summary

Directory traversal vulnerability in index.php in FAR-PHP 1.00, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the c parameter.

Vulnerable Systems

Application

  • Far-php 1.00


References

XF - farphp-index-file-include(44606)

BID - 30781

BUGTRAQ - 20080822 Re: Null Byte Local file Inclusion in FAR - PHP Project version:1.0

SREASON - 4507

SECUNIA - 31563

BUGTRAQ - 20080821 Null Byte Local file Inclusion in FAR - PHP Project version:1.0


Last Updated: 27 May 2016 10:48:36