Back to search
CVE-2008-3194
Published: Jul 16, 2008
Modified: Aug 7, 2024
PUBLISHED
Description
Multiple directory traversal vulnerabilities in data/inc/themes/predefined_variables.php in pluck 4.5.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) langpref, (2) file, (3) blogpost, or (4) cat parameter.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
ADV-2008-2104
vdb-entry
x_refsource_VUPEN
6074
exploit
x_refsource_EXPLOIT-DB
3996
third-party-advisory
x_refsource_SREASON
pluck-predefinedvariables-file-include(43741)
vdb-entry
x_refsource_XF
31088
third-party-advisory
x_refsource_SECUNIA
30218
vdb-entry
x_refsource_BID
http://www.pluck-cms.org/releasenotes.php#4.5.2
x_refsource_CONFIRM
http://www.bugreport.ir/index_48.htm
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now