PT-2008-2059 · Bloofox · Bloofoxcms
Published
2008-01-23
·
Updated
2018-10-15
·
CVE-2008-0427
CVSS v2.0
7.8
High
| Vector | AV:N/AC:L/Au:N/C:C/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
bloofoxCMS version 0.3
Description
The issue allows remote attackers to read arbitrary files due to a directory traversal vulnerability in the file.php file. This is achieved by using a .. (dot dot) in the
file parameter.Recommendations
For bloofoxCMS version 0.3, consider restricting access to the file.php file until a patch is available, and avoid using the
file parameter with untrusted input to minimize the risk of exploitation.Exploit
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Bloofoxcms