Published: 09/10/2008 Updated: 08/08/2017

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

VMScore: 940

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Multiple directory traversal vulnerabilities in PHP Web Explorer 0.99b and previous versions allow remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the (1) refer parameter to main.php and the (2) file parameter to edit.php.

Vulnerable Product	Search on Vulmon	Subscribe to Product
php web explorer php web explorer lite
php web explorer php web explorer lite 0.99a

source: wwwsecurityfocuscom/bid/31595/info PHP Web Explorer is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input An attacker can exploit these vulnerabilities using directory-traversal strings to view local files and execute local scripts within the context of the webserver pr ...

source: wwwsecurityfocuscom/bid/31595/info PHP Web Explorer is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input An attacker can exploit these vulnerabilities using directory-traversal strings to view local files and execute local scripts within the context of the webserver ...

CWE-22 http://marc.info/?l=bugtraq&m=122332154511973&w=2 http://www.securityfocus.com/bid/31595 http://securityreason.com/securityalert/4371 https://exchange.xforce.ibmcloud.com/vulnerabilities/45691 https://nvd.nist.gov https://www.exploit-db.com/exploits/32463/

CVE-2008-4499

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect