CVE-2008-5728 in NetCatinfo

Summary

Multiple directory traversal vulnerabilities in AIST NetCat 3.12 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the system parameter in modules/netshop/post.php; and the INCLUDE_FOLDER parameter in (2) auth.inc.php, (3) banner.inc.php, (4) blog.inc.php, and (5) forum.inc.php in modules/.

Be aware that VulDB is the high quality source for vulnerability data.

Reservation

12/26/2008

Disclosure

12/26/2008

Moderation

VulDB entry created

Entries

1: VDB-45659

CPE

ready

CWE

CWE-22 (Confirmed)

Exploit

Download

CVSS

5.6

EPSS

0.03295

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2008-5728
NVD	https://nvd.nist.gov/vuln/detail/CVE-2008-5728
CVE Details	https://www.cvedetails.com/cve/CVE-2008-5728/

◂ Previous Overview Next ▸

Interested in the pricing of exploits?

See the underground prices here!