Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-5204

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2008-5204
Last Modified 20 Aug 2009 01:22:56
Published 21 Nov 2008 12:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-5204

Summary

Multiple directory traversal vulnerabilities in PowerAward 1.1.0 RC1, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the lang parameter to (1) agb.php, (2) angemeldet.php, (3) anmelden.php, (4) charts.php, (5) external_vote.php, (6) guestbook.php, (7) impressum.php, (8) index.php, (9) rss-reader.php, (10) statistic.php, (11) teilnehmer.php, (12) topsites.php, (13) votecode.php, (14) voting.php, and (15) winner.php.

Vulnerable Systems

Application

  • Poweraward 1.1.0


References

XF - poweraward-lang-file-include(43463)

BID - 29993

MILW0RM - 5962


Last Updated: 27 May 2016 10:48:44