PT-2008-3112 · Toppermod · Toppermod
Girex · Published 2008-03-31 · Updated 2017-09-29 · CVE-2008-1553
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
TopperMod version 1.0
Description
The issue allows remote attackers to include and execute arbitrary local files. This is achieved by using a .. (dot dot) in the "to" parameter of a vulnerable endpoint, potentially leading to directory traversal.
Recommendations
For TopperMod version 1.0, consider restricting access to the mod.php file until a patch is available, or apply configuration changes to prevent directory traversal attacks by properly sanitizing the "to" parameter.
Exploit
Fix
Path traversal
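One way to sanitize the "to" parameter as recommended above, shown as an added PHP example that is not TopperMod's code or part of the original advisory. The function name resolve_module, the modules directory and the one-module-per-.php-file layout are assumptions.

```php
<?php
// Added example: hypothetical resolver for an include target taken from the
// "to" request parameter. Directory layout and names are assumptions.

function resolve_module(string $baseDir, $to): ?string
{
    // Reject arrays (to[]=x) and anything outside a strict name pattern.
    // The pattern allows no '.', '/', '\' or NUL, so ".." cannot pass.
    if (!is_string($to) || !preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $to)) {
        return null;
    }

    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;

    // Canonicalise, then confirm the result is still inside the base
    // directory (covers symlinks placed inside the modules directory).
    $path = realpath($prefix . $to . '.php');
    if ($path === false || !is_file($path)) {
        return null;
    }
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path; // safe to pass to include
}

// Constructed demo: a temporary modules directory holding one module.
$dir = sys_get_temp_dir() . '/modules_demo_' . getmypid();
mkdir($dir);
file_put_contents($dir . '/news.php', "<?php echo 'news';\n");

// Constructed inputs: one valid name, then values that must be rejected.
foreach (['news', '../news', "news\0", 'missing', ['x']] as $to) {
    $result = resolve_module($dir, $to);
    echo json_encode($to), ' => ', $result === null ? 'rejected' : 'allowed', "\n";
}

unlink($dir . '/news.php');
rmdir($dir);
```

Only the first input resolves to a file. The others are rejected before any path is built or because no such module exists.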
Weakness Enumeration
Related Identifiers
Affected Products
Toppermod