CVE-2008-1409
N/A
N/A
Summary
Multiple directory traversal vulnerabilities in the Default theme in Exero CMS 1.0.1 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the theme parameter to (1) index.php, (2) editpassword.php, and (3) avatar.php in usercp/; (4) custompage.php; (5) errors/404.php; (6) memberslist.php and (7) profile.php in members/; (8) index.php and (9) fullview.php in news/; and (10) nopermission.php.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://www.vupen.com/english/advisories/2008/0909/references
- http://www.securityfocus.com/bid/28273
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41238
- https://www.exploit-db.com/exploits/5265
References
- http://www.vupen.com/english/advisories/2008/0909/references
- http://www.securityfocus.com/bid/28273
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41238
- https://www.exploit-db.com/exploits/5265
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.