CVE

Id
35321  
CVE No.
CVE-2008-5204  
Status
Candidate  
Description
Multiple directory traversal vulnerabilities in PowerAward 1.1.0 RC1, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the lang parameter to (1) agb.php, (2) angemeldet.php, (3) anmelden.php, (4) charts.php, (5) external_vote.php, (6) guestbook.php, (7) impressum.php, (8) index.php, (9) rss-reader.php, (10) statistic.php, (11) teilnehmer.php, (12) topsites.php, (13) votecode.php, (14) voting.php, and (15) winner.php.  
Phase
Assigned (20081121)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
387155 35321 CVE-2008-5204 MILW0RM:5962  View
387156 35321 CVE-2008-5204 URL:http://www.milw0rm.com/exploits/5962  View
387157 35321 CVE-2008-5204 BID:29993  View
387158 35321 CVE-2008-5204 URL:http://www.securityfocus.com/bid/29993  View
387159 35321 CVE-2008-5204 XF:poweraward-lang-file-include(43463)  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
49789 JVNDB-2008-005099 Joomla! 用の Datsogallery における SQL インジェクションの脆弱性 Joomla! 用の Datsogallery (com_datsogallery) モジュールの sub_votepic.php には、SQL インジェクションの脆弱性が存在します。 CVE-2008-5208 35321 7.5 http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-005099.html  View