CVE

Id
33015  
CVE No.
CVE-2008-2898  
Status
Candidate  
Description
Directory traversal vulnerability in includes/header.php in Hedgehog-CMS 1.21 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the c_temp_path parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.  
Phase
Assigned (20080627)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
358362 33015 CVE-2008-2898 MILW0RM:5904  View
358363 33015 CVE-2008-2898 URL:http://www.milw0rm.com/exploits/5904  View
358364 33015 CVE-2008-2898 OSVDB:46480  View
358365 33015 CVE-2008-2898 URL:http://osvdb.org/46480  View
358366 33015 CVE-2008-2898 SECUNIA:30778  View
358367 33015 CVE-2008-2898 URL:http://secunia.com/advisories/30778  View
358368 33015 CVE-2008-2898 XF:hedgehogcms-header-file-include(43277)  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
47898 JVNDB-2008-003208 AlstraSoft AskMe Pro の profile.php における SQL インジェクションの脆弱性 AlstraSoft AskMe Pro の profile.php には、SQL インジェクションの脆弱性が存在します。 CVE-2008-2902 33015 7.5 http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-003208.html  View