CVE-2008-1856

Published: 16/04/2008 Updated: 29/09/2017
CVSS v2 Base Score: 5.1 | Impact Score: 6.4 | Exploitability Score: 4.9
VMScore: 515
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Vulnerability Summary

plugins/maps/db_handler.php in LinPHA 1.3.3 and earlier does not require authentication for a settings action that modifies the configuration file. This allows remote attackers to conduct directory traversal attacks and execute arbitrary local files by placing directory traversal sequences in the maps_type configuration setting and then sending a request to maps_view.php, which causes plugins/maps/map.main.class.php to use the modified configuration.

Vulnerable Product

linpha linpha 0.9.1

linpha linpha 0.9.2

linpha linpha 0.9.3

linpha linpha 1.1.1

linpha linpha 1.2.0

linpha linpha 0.9.4

linpha linpha 1.0

linpha linpha 1.3.0

linpha linpha 1.3.1

linpha linpha 1.3.2

linpha linpha

linpha linpha 0.9.0

linpha linpha 1.1.0

Exploits

<?php /*
--------------------------------------------------------------
LinPHA <= 1.3.3 (maps plugin) Remote Command Execution Exploit
--------------------------------------------------------------
author: EgiX
mail: n0b0d13s[at]gmail[dot]com
link: linpha.sourceforge.net
details: works with magic_quotes_gpc = ...