PT-2008-3337 · Sabros.Us · Sabros.Us
Published
2008-04-15
·
Updated
2017-09-29
·
CVE-2008-1799
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
sabros.us version 1.75
Description
The issue allows remote attackers to read arbitrary files due to a directory traversal vulnerability in the thumbnails.php file. This is achieved by using a .. (dot dot) in the
img parameter.Recommendations
For version 1.75, consider restricting access to the thumbnails.php file until a patch is available, or avoid using the
img parameter with untrusted input to minimize the risk of exploitation.Exploit
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sabros.Us