Back to search
CVE-2008-7064
Published: Aug 25, 2009
Modified: Aug 7, 2024
PUBLISHED
Description
Directory traversal vulnerability in the get_lang function in global.php in Quicksilver Forums 1.4.2 and earlier, as used in QSF Portal before 1.4.5, when running on Windows, allows remote attackers to include and execute arbitrary local files via a "\" (backslash) in the lang parameter to index.php, which bypasses a protection mechanism that only checks for "/" (forward slash), as demonstrated by uploading and including PHP code in an avatar file.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
7217
exploit
x_refsource_EXPLOIT-DB
quicksilverforums-avatar-file-upload(46828)
vdb-entry
x_refsource_XF
32823
third-party-advisory
x_refsource_SECUNIA
quicksilverforums-index-file-include(46823)
vdb-entry
x_refsource_XF
38670
third-party-advisory
x_refsource_SECUNIA
http://www.qsfportal.com/index.php?a=newspost&t=191
x_refsource_CONFIRM
50143
vdb-entry
x_refsource_OSVDB
32452
vdb-entry
x_refsource_BID
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now