CVE-2008-0478

Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 29/01/2008 Updated: 29/09/2017

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 685

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Directory traversal vulnerability in index.php in SetCMS 3.6.5 allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the set parameter, as demonstrated by sending a certain CLIENT_IP HTTP header in an enter action to index.php, and injecting PHP sequences into files/enter.set, which is then included by index.php.

Vulnerable Product	Search on Vulmon	Subscribe to Product
setcms setcms 3.6.5

#!/usr/bin/perl ## SetCMS v365 (setcmsorg) remote commands execution exploit by RST/GHC ## o4o92oo6 ## (c)oded by 1dtw0lf ## THIS IS UNPUBLISHED RST/GHC EXPLOIT CODE ## KEEP IT PRIVATE ## Ð¿Ñ€Ð¾ Ð±Ð°Ð³Ñƒ: ## ## file: functionsphp ## ## FUNCTION ip(){ ## global $user_id; ## if(getenv('HTTP_CLIENT_IP')) {$user_ip = getenv('HT ...

CWE-22 http://www.securityfocus.com/bid/27407 https://exchange.xforce.ibmcloud.com/vulnerabilities/39864 https://www.exploit-db.com/exploits/4962 https://nvd.nist.gov https://www.exploit-db.com/exploits/4962/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2008-0478

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect