CVE-2008-0478 in SetCMSinformazioni

Riassunto

di MITRE

Directory traversal vulnerability in index.php in SetCMS 3.6.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the set parameter, as demonstrated by sending a certain CLIENT_IP HTTP header in an enter action to index.php, and injecting PHP sequences into files/enter.set, which is then included by index.php.

Be aware that VulDB is the high quality source for vulnerability data.

Prenotare

29/01/2008

Divulgazione

29/01/2008

Moderazione

accettato

CPE

pronto

Sfruttamento

Scaricare

EPSS

0.01846

KEV

no

Attività

molto basso

Fonti

Do you want to use VulDB in your project?

Use the official API to access entries easily!