CVE

Id
33030  
CVE No.
CVE-2008-2913  
Status
Candidate  
Description
Directory traversal vulnerability in func.php in Devalcms 1.4a, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the currentpath parameter, in conjunction with certain ... (triple dot) and ..... sequences in the currentfile parameter, to index.php.  
Phase
Assigned (20080630)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
358473 33030 CVE-2008-2913 MILW0RM:5822  View
358474 33030 CVE-2008-2913 URL:http://www.milw0rm.com/exploits/5822  View
358475 33030 CVE-2008-2913 BID:29728  View
358476 33030 CVE-2008-2913 URL:http://www.securityfocus.com/bid/29728  View
358477 33030 CVE-2008-2913 SECUNIA:30585  View
358478 33030 CVE-2008-2913 URL:http://secunia.com/advisories/30585  View
358479 33030 CVE-2008-2913 XF:devalcms-currentfile-file-include(43116)  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
50631 JVNDB-2008-005941 E-SMART CART の productsofcat.asp における SQL インジェクションの脆弱性 E-SMART CART の productsofcat.asp には、SQL インジェクションの脆弱性が存在します。 CVE-2008-2917 33030 7.5 http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-005941.html  View