Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-5860

Overview

Vulnerability Score 5.1 5.1
CVE Id CVE-2008-5860
Last Modified 29 Jan 2009 02:00:30
Published 06 Jan 2009 12:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2008-5860

Summary

Directory traversal vulnerability in backend/template.php in Constructr CMS 3.02.5 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to create or read arbitrary files via directory traversal sequences in the edit_file parameter.

Vulnerable Systems

Application

  • Constructr-cms 3.00.0

  • Constructr-cms 3.00.1

  • Constructr-cms 3.00.2

  • Constructr-cms 3.01.0

  • Constructr-cms 3.01.1

  • Constructr-cms 3.01.2

  • Constructr-cms 3.01.3

  • Constructr-cms 3.01.4

  • Constructr-cms 3.01.5

  • Constructr-cms 3.01.6

  • Constructr-cms 3.01.7

  • Constructr-cms 3.01.8

  • Constructr-cms 3.01.9

  • Constructr-cms 3.02.0

  • Constructr-cms 3.02.1

  • Constructr-cms 3.02.2

  • Constructr-cms 3.02.3

  • Constructr-cms 3.02.4

  • Constructr-cms 3.02.5


References

MILW0RM - 7529

SREASON - 4868

SECUNIA - 33250


Last Updated: 27 May 2016 10:48:57