Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-7064

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2008-7064
Last Modified 26 Feb 2010 02:01:33
Published 25 Aug 2009 06:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-7064

Summary

Directory traversal vulnerability in the get_lang function in global.php in Quicksilver Forums 1.4.2 and earlier, as used in QSF Portal before 1.4.5, when running on Windows, allows remote attackers to include and execute arbitrary local files via a "\" (backslash) in the lang parameter to index.php, which bypasses a protection mechanism that only checks for "/" (forward slash), as demonstrated by uploading and including PHP code in an avatar file.

Vulnerable Systems

Application

  • Quicksilver Forums 1.4.2


References

XF - quicksilverforums-avatar-file-upload(46828)

XF - quicksilverforums-index-file-include(46823)

BID - 32452

CONFIRM - http://www.qsfportal.com/index.php?a=newspost&t=191

MILW0RM - 7217

SECUNIA - 38670

SECUNIA - 32823

OSVDB - 50143


Last Updated: 27 May 2016 10:49:26