CVE-2008-3770

EPSS 2.4%

Multiple directory traversal vulnerabilities in Freeway 1.4.1.171, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter to (1) includes/events_application_top.php; (2) english/account.php, (3) french/account.php, and (4) french/account_newsletters.php in includes/languages/; (5) includes/modules/faqdesk/faqdesk_article_require.php; (6) includes/modules/newsdesk/newsdesk_article_require.php; (7) card1.php, (8) loginbox.php, and (9) whos_online.php in templates/Freeway/boxes/; and (10) templates/Freeway/mainpage_modules/mainpage.php. NOTE: vector 1 may be the same as CVE-2008-3677.

Affected products

n/a · n/a

public PoCs found — 8

exploitdbwww.exploit-db.com/exploits/32259unverified exploitdbwww.exploit-db.com/exploits/32264unverified exploitdbwww.exploit-db.com/exploits/32265unverified exploitdbwww.exploit-db.com/exploits/32266unverified exploitdbwww.exploit-db.com/exploits/32267unverified exploitdbwww.exploit-db.com/exploits/32268unverified exploitdbwww.exploit-db.com/exploits/32269unverified exploitdbwww.exploit-db.com/exploits/32270unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://secunia.com/advisories/31475 http://securityreason.com/securityalert/4181 https://exchange.xforce.ibmcloud.com/vulnerabilities/45037 http://www.openfreeway.org/download/change-log.html http://www.securityfocus.com/archive/1/495549/100/0/threaded http://www.securityfocus.com/bid/30731