Published: 25/08/2009 Updated: 14/02/2024

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 755

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Directory traversal vulnerability in the get_lang function in global.php in Quicksilver Forums 1.4.2 and previous versions, as used in QSF Portal prior to 1.4.5, when running on Windows, allows remote malicious users to include and execute arbitrary local files via a "\" (backslash) in the lang parameter to index.php, which bypasses a protection mechanism that only checks for "/" (forward slash), as demonstrated by uploading and including PHP code in an avatar file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
quicksilver forums quicksilver forums 1.4.2

# Author: __GiReX__ # Homepage: girexaltervistaorg # Date: 24/11/2008 # CMS: Quicksilver Forums <= 142 # Site: wwwquicksilverforumscom/ # Bug: Local File Inclusion # Exploit: Remote Command Execution # Note: Works with windows servers only Works regardless phpini settings # Bug Discussion: # file: globalphp # lines: 3 ...

CWE-22 http://osvdb.org/50143 http://www.securityfocus.com/bid/32452 http://secunia.com/advisories/32823 http://secunia.com/advisories/38670 http://www.qsfportal.com/index.php?a=newspost&t=191 https://exchange.xforce.ibmcloud.com/vulnerabilities/46828 https://exchange.xforce.ibmcloud.com/vulnerabilities/46823 https://www.exploit-db.com/exploits/7217 https://nvd.nist.gov https://www.exploit-db.com/exploits/7217/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2008-7064

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect