Published: 11/01/2008 Updated: 15/10/2018

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 755

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Multiple directory traversal vulnerabilities in index.php in Tuned Studios (1) Subwoofer, (2) Freeze Theme, (3) Orange Cutout, (4) Lonely Maple, (5) Endless, (6) Classic Theme, and (7) Music Theme webpage templates allow remote malicious users to include and execute arbitrary files via ".." sequences in the page parameter. NOTE: this can be leveraged for remote file inclusion when running in some PHP 5 environments.

Vulnerable Product	Search on Vulmon	Subscribe to Product
tuned studios orange cutout
tuned studios subwoofer
tuned studios endless
tuned studios freeze theme
tuned studios lonely maple
tuned studios music theme
tuned studios classic theme

Digital Security Research Group [DSecRG] Advisory #DSECRG08-001 Application: Tuned Studios Templates Versions Affected: All Vendor URL: http:/wwwtunedstudioscom Bug: Local File Include Exploits: YES Reported: 090120 ...

CWE-22 http://www.securityfocus.com/bid/27196 http://securityreason.com/securityalert/3532 https://exchange.xforce.ibmcloud.com/vulnerabilities/39555 https://www.exploit-db.com/exploits/4876 http://www.securityfocus.com/archive/1/485991/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/4876/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2008-0231

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect