PT-2008-4144 · Galatolo · Galatolo Webmanager

Staker

Published

2008-06-13

Updated

2017-09-29

CVE-2008-2699

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Galatolo WebManager (GWM) version 1.0

Description The issue allows remote attackers to include and execute arbitrary local files via directory traversal sequences. This can be achieved by exploiting the plugin parameter to "admin/plugins.php" or the com parameter to "index.php".

Recommendations For Galatolo WebManager (GWM) version 1.0, as a temporary workaround, consider restricting access to the "admin/plugins.php" and "index.php" endpoints to minimize the risk of exploitation. Avoid using the plugin and com parameters in these endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2008-2699

Affected Products

Galatolo Webmanager

PT-2008-4144 · Galatolo · Galatolo Webmanager

CVE-2008-2699

Weakness Enumeration

Related Identifiers

Affected Products

References · 4