CVE-2008-1856
CVE-2008-1856
plugins/maps/db_handler.php in LinPHA 1.3.3 and earlier does not require authentication for a settings action that modifies the configuration file, which allows remote attackers to conduct directory traversal attacks and execute arbitrary local files by placing directory traversal sequences into the maps_type configuration setting, and then sending a request to maps_view.php, which causes plugins/maps/map.main.class.php to use the modified configuration.
Affected products
n/a · n/apublic PoCs found — 1
cve_referencewww.exploit-db.com/exploits/5392unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://secunia.com/advisories/29724https://exchange.xforce.ibmcloud.com/vulnerabilities/41676http://sourceforge.net/project/shownotes.php?release_id=595725https://www.exploit-db.com/exploits/5392http://www.osvdb.org/50229http://www.securityfocus.com/bid/28654http://www.vupen.com/english/advisories/2008/1136