Back to search
CVE-2008-1856
Published: Apr 16, 2008
Modified: Aug 7, 2024
PUBLISHED
Description
plugins/maps/db_handler.php in LinPHA 1.3.3 and earlier does not require authentication for a settings action that modifies the configuration file, which allows remote attackers to conduct directory traversal attacks and execute arbitrary local files by placing directory traversal sequences into the maps_type configuration setting, and then sending a request to maps_view.php, which causes plugins/maps/map.main.class.php to use the modified configuration.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
linpha-mapmainclass-file-include(41676)
vdb-entry
x_refsource_XF
5392
exploit
x_refsource_EXPLOIT-DB
http://sourceforge.net/project/shownotes.php?release_id=595725
x_refsource_CONFIRM
50229
vdb-entry
x_refsource_OSVDB
29724
third-party-advisory
x_refsource_SECUNIA
28654
vdb-entry
x_refsource_BID
ADV-2008-1136
vdb-entry
x_refsource_VUPEN
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now