Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-7055

Overview

Vulnerability Score 5.1 5.1
CVE Id CVE-2008-7055
Last Modified 27 Aug 2009 12:00:00
Published 24 Aug 2009 03:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2008-7055

Summary

module.php in ezContents 2.0.3 allows remote attackers to bypass the directory traversal protection mechanism to include and execute arbitrary local files via "....//" (doubled dot dot slash) sequences in the link parameter, which is not properly filtered using the str_replace function.

Vulnerable Systems

Application

  • Visualshapers Ezcontents 2.0.3


References

XF - ezcontents-link-file-include(44663)

BID - 30821

BUGTRAQ - 20080825 [DSECRG-08-038] Multiple Local File Include Vulnerabilities in ezContents CMS 2.0.3

MILW0RM - 6301

SECUNIA - 31606


Last Updated: 27 May 2016 10:49:26