CVE-2008-4499
Published 2008-10-09
Priority P346 | critical | 9.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 2.86% (85.0th percentile)
Multiple directory traversal vulnerabilities in PHP Web Explorer 0.99b and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) refer parameter to main.php and the (2) file parameter to edit.php.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| php_web_explorer | php_web_explorer_lite | <= 0.99b | — |
| php_web_explorer | php_web_explorer_lite | — | — |
No detection rules found.
Exploit-DB
PHP Web Explorer 0.99b - 'main.php?refer' Traversal Local File Inclusion
exploitdb·2008-10-06
---
source: https://www.securityfocus.com/bid/31595/info
PHP Web Explorer is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker can exploit these vulnerabilities using directory-traversal strings to view local files and execute local scripts within the context of the webserver process. A successful attack can allow the attacker to obtain sensitive information or gain unauthorized access to an affected computer in the context of the vulnerable server.
PHP Web Explorer 0.99b is vulnerable; other versions may also be affected.
http://www.example.com/main.php?refer=d&d=../../../etc
Exploit-DB
PHP Web Explorer 0.99b - 'edit.php?File' Traversal Local File Inclusion
exploitdb·2008-10-06
---
source: https://www.securityfocus.com/bid/31595/info
PHP Web Explorer is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker can exploit these vulnerabilities using directory-traversal strings to view local files and execute local scripts within the context of the webserver process. A successful attack can allow the attacker to obtain sensitive information or gain unauthorized access to an affected computer in the context of the vulnerable server.
PHP Web Explorer 0.99b is vulnerable; other versions may also be affected.
http://www.example.com/edit.php?file=../../../etc/passwd
No writeups or analysis indexed.
http://marc.info/?l=bugtraq&m=122332154511973&w=2
http://securityreason.com/securityalert/4371
http://www.securityfocus.com/bid/31595
https://exchange.xforce.ibmcloud.com/vulnerabilities/45691