Back to search
CVE-2009-1948
Published: Jun 5, 2009
Modified: Aug 7, 2024
PUBLISHED
Description
Multiple directory traversal vulnerabilities in forum.php in Unclassified NewsBoard (UNB) 1.6.4, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to (1) read arbitrary recently-modified files via a .. (dot dot) in the GLOBALS[filename] parameter or (2) include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[UTE][__tplCollection][a][file] parameter.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
unb-forum-directory-traversal(50877)
vdb-entry
x_refsource_XF
unb-forum-file-include(50878)
vdb-entry
x_refsource_XF
35183
vdb-entry
x_refsource_BID
35299
third-party-advisory
x_refsource_SECUNIA
8841
exploit
x_refsource_EXPLOIT-DB
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now