CVE Vulnerability

CVE-2008-5204

Multiple directory traversal vulnerabilities in PowerAward 1.1.0 RC1, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the lang parameter to (1) agb.php, (2) angemeldet.php, (3) anmelden.php, (4) charts.php, (5) external_vote.php, (6) guestbook.php, (7) impressum.php, (8) index.php, (9) rss-reader.php, (10) statistic.php, (11) teilnehmer.php, (12) topsites.php, (13) votecode.php, (14) voting.php, and (15) winner.php.

6.8 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 6.4

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

Scope

References
Link Resource
http://www.securityfocus.com/bid/29993 Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/43463
https://www.exploit-db.com/exploits/5962
Configurations

Configuration 1

cpe:2.3:a:poweraward:poweraward:1.1.0:rc1:*:*:*:*:*:*
Information

Published : 2008-11-21 05:30

Updated : 2017-09-29 01:32

NVD link : CVE-2008-5204

Mitre link : CVE-2008-5204

Products Affected
No products.
CWE
CWE-22