Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-6308

Overview

Vulnerability Score 5.1 5.1
CVE Id CVE-2008-6308
Last Modified 12 Aug 2009 01:24:28
Published 26 Feb 2009 08:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2008-6308

Summary

Multiple directory traversal vulnerabilities in Private Messaging System (PMS) 1.2.3 and earlier for PunBB allow remote attackers to include and execute arbitrary files via a .. (dot dot) in the pun_user[language] parameter to (1) functions_navlinks.php, (2) header_new_messages.php, (3) profile_send.php, and (4) viewtopic_PM-link.php in include/pms/.

Vulnerable Systems

Application

  • Punbb Private Messaging System 1.2.0

  • Punbb Private Messaging System 1.2.1

  • Punbb Private Messaging System 1.2.2

  • Punbb Private Messaging System 1.2.3


References

XF - pms-multiple-file-include(46718)

VUPEN - ADV-2008-3214

BID - 32360

MILW0RM - 7159

SECUNIA - 13201


Last Updated: 27 May 2016 10:49:09