CVE-2006-0644
CVE-2006-0644
Multiple directory traversal vulnerabilities in install.php in CPG-Nuke Dragonfly CMS (aka CPG Dragonfly CMS) 9.0.6.1 allow remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in (1) the newlang parameter and (2) the installlang parameter in a cookie, as demonstrated by using error.php to insert malicious code into a log file, or uploading a malicious .png file, which is then included using install.php.
Affected products
n/a · n/apublic PoCs found — 1
exploitdbwww.exploit-db.com/exploits/1478unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://dragonflycms.org/Forums/viewtopic/p=98034.htmlhttp://dragonflycms.org/Forums/viewtopic/p=98034.html#98034http://retrogod.altervista.org/dragonfly9.0.6.1_incl_xpl.htmlhttp://securitytracker.com/id?1015601https://exchange.xforce.ibmcloud.com/vulnerabilities/24660http://www.osvdb.org/23058http://www.securityfocus.com/archive/1/424439/100/0/threadedhttp://www.securityfocus.com/bid/16546