PT-2008-6315 · Phpblaster · Phpblaster Cms

Cracker

Published

2008-11-19

Updated

2017-09-29

CVE-2008-5171

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions phpBLASTER CMS version 1.0 RC1

Description The issue concerns directory traversal vulnerabilities in the admin/minibb/index.php file of phpBLASTER CMS. When register globals is enabled, remote attackers can include and execute arbitrary local files using directory traversal sequences in the DB, lang, and skin parameters.

Recommendations For phpBLASTER CMS version 1.0 RC1, consider disabling the register globals setting to prevent exploitation. As a temporary workaround, restrict access to the admin/minibb/index.php file and its parameters, specifically DB, lang, and skin, until a patch is available. Avoid using directory traversal sequences in these parameters to minimize the risk of exploitation.

Exploit

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2008-5171

Affected Products

Phpblaster Cms

PT-2008-6315 · Phpblaster · Phpblaster Cms

CVE-2008-5171

Weakness Enumeration

Related Identifiers

Affected Products

References · 3