P4Imi0

#11507of 53,630
23.9Total CVSS
Vulnerabilities · 4
Medium
3
High
1
PT-2008-2118
5.0
2008-01-30
Clansphere · Clansphere · CVE-2008-0489
**Name of the Vulnerable Software and Affected Versions** Clansphere version 2007.4.4 **Description** The issue allows remote attackers to include and execute arbitrary local files. This is achieved by exploiting a directory traversal vulnerability in the install.php file, specifically by using a .. (dot dot) in the `lang` parameter. **Recommendations** For Clansphere version 2007.4.4, consider restricting access to the install.php file or validating the `lang` parameter to prevent directory traversal attacks. As a temporary workaround, avoid using the `lang` parameter in the install.php file until a patch is available.
PT-2008-1829
6.4
2008-01-09
Sys Hotel · Sys-Hotel On Line System · CVE-2008-0184
**Name of the Vulnerable Software and Affected Versions** Sys-Hotel on Line System version (affected versions not specified) **Description** The issue allows remote attackers to read arbitrary files via an encoded "/" ("%2F") in the `file` parameter of the index.php file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2007-7342
7.5
2007-12-21
Xecms · Xecms · CVE-2007-6508
**Name of the Vulnerable Software and Affected Versions** xeCMS version 1.0 **Description** The issue allows remote attackers to read arbitrary files due to a directory traversal vulnerability in the view.php file. This is achieved by using a ..%2F (dot dot slash) in the `list` parameter. **Recommendations** For xeCMS version 1.0, consider restricting access to the view.php file or the `list` parameter to minimize the risk of exploitation until a patch is available.
PT-2007-7227
5.0
2007-12-15
Unknown · Ezcontents · CVE-2007-6368
**Name of the Vulnerable Software and Affected Versions** ezContents version 1.4.5 **Description** The issue allows remote attackers to read arbitrary files due to a directory traversal vulnerability in the index.php file. This is achieved by using a .. (dot dot) in the `link` parameter. **Recommendations** For ezContents version 1.4.5, consider restricting access to the vulnerable index.php file until a patch is available. As a temporary workaround, avoid using the `link` parameter in the index.php file to minimize the risk of exploitation.