PT-2009-4769 · Freewebshop.Org · Freewebshop.Org
Ahmadbady
·
Published
2009-07-07
·
Updated
2017-09-19
·
CVE-2009-2338
CVSS v2.0
6.8
Medium
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
FreeWebshop.org version 2.2.9 R2
Description
The issue allows remote attackers to include and execute arbitrary local files. This is achieved by exploiting a directory traversal vulnerability in the includes/startmodules.inc.php file when register globals is enabled. The vulnerability can be triggered via a .. (dot dot) in the
lang file parameter.Recommendations
For FreeWebshop.org version 2.2.9 R2, consider disabling the register globals setting to prevent exploitation. Additionally, restrict access to the includes/startmodules.inc.php file and avoid using the
lang file parameter until a fix is available.Exploit
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Freewebshop.Org