Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-4894

Overview

Vulnerability Score 5.1 5.1
CVE Id CVE-2008-4894
Last Modified 24 Oct 2012 12:00:00
Published 03 Nov 2008 07:58:39
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2008-4894

Summary

Directory traversal vulnerability in templates/mytribiqsite/tribal-GPL-1066/includes/header.inc.php in Tribiq CMS 5.0.10a, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the template_path parameter. NOTE: it was later reported that this issue also affects 5.0.12c.

Vulnerable Systems

Application

  • Tribiq Cms 5.0.10a


References

XF - tribiq-headerinc-file-include(46264)

BID - 32018

SECUNIA - 32548

MILW0RM - 6888


Last Updated: 27 May 2016 10:48:39