CVE-2008-5204

Multiple directory traversal vulnerabilities in PowerAward 1.1.0 RC1, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the lang parameter to (1) agb.php, (2) angemeldet.php, (3) anmelden.php, (4) charts.php, (5) external_vote.php, (6) guestbook.php, (7) impressum.php, (8) index.php, (9) rss-reader.php, (10) statistic.php, (11) teilnehmer.php, (12) topsites.php, (13) votecode.php, (14) voting.php, and (15) winner.php.
Configurations

Configuration 1

cpe:2.3:a:poweraward:poweraward:1.1.0:rc1:*:*:*:*:*:*

Information

Published : 2008-11-21 05:30

Updated : 2017-09-29 01:32


NVD link : CVE-2008-5204

Mitre link : CVE-2008-5204

Products Affected
No products.
CWE