CVE-2007-6604 (xcms) |
|
| BugsAlert Home > CVE-2007-6604 (xcms) | |
|
Multiple directory traversal vulnerabilities in index.php in XCMS 1.82 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the s parameter to the admin page or (2) the pg parameter to an arbitrary module, as demonstrated by reading a password hash in a .dtb file under dati/membri/ or by executing embedded PHP code in images under uploads/avatar/. Original Source: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6604 Learn more about CVE-2007-6604 (xcms) |
|
| Tags: cve-2007-6604 xcms | |
Related Items |
|
|
RedHat: Critical: firefox security update
|
|
|
CVE-2008-4096 (phpmyadmin)
|
|
|
CVE-2008-2866 (cauposhop_classic)
|
|
|
CVE-2008-4879 (php_shop)
|
|
|
Obama Malware Spam Targets Latin America
|
|
|
netOffice Dwins 1.3 Remote code execution.
|
|
|
Newbie Do I need Panda and Windows Defender?
|
|
