CVE-2008-1856
published 2008-04-16


Priority: P3 · 35 · medium
CVSS 2.0: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)
EXPLOIT
EPSS: 2.69% (84.0th percentile)
plugins/maps/db_handler.php in LinPHA 1.3.3 and earlier does not require authentication for a settings action that modifies the configuration file, which allows remote attackers to conduct directory traversal attacks and execute arbitrary local files by placing directory traversal sequences into the maps_type configuration setting, and then sending a request to maps_view.php, which causes plugins/maps/map.main.class.php to use the modified configuration.

Affected

12 ranges
Vendor | Product | Version range | Fixed in
linpha | linpha
linpha | linpha
linpha | linpha
linpha | linpha
linpha | linpha
linpha | linpha
linpha | linpha
linpha | linpha
linpha | linpha
linpha | linpha
linpha | linpha
linpha | linpha