PT-2008-4944 · Unak · Unak-Cms
Ircrash +1 · Published 2008-08-10 · Updated 2018-10-11 · CVE-2008-3568
CVSS v2.0: 7.5 High
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
UNAK-CMS version 1.5.5
Description
The issue is related to an absolute path traversal vulnerability. This allows remote attackers to include and execute arbitrary local files via a full pathname in the Dirroot parameter.
Recommendations
For UNAK-CMS version 1.5.5, avoid using the Dirroot parameter in the connector.php file until a fix is available. As a temporary workaround, consider restricting access to the connector.php file to minimize the risk of exploitation.
Exploit
Fix
Path traversal
Weakness Enumeration
Related Identifiers
Affected Products
Unak-Cms