CVE-2008-5860

Directory traversal vulnerability in backend/template.php in Constructr CMS 3.02.5 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to create or read arbitrary files via directory traversal sequences in the edit_file parameter.

Link	Resource
http://secunia.com/advisories/33250	Vendor Advisory
http://securityreason.com/securityalert/4868
https://www.exploit-db.com/exploits/7529

Configuration 1

cpe:2.3:a:constructr:constructr-cms:3.01.4:beta:*:*:*:*:*:* cpe:2.3:a:constructr:constructr-cms:3.02.2:*:*:*:*:*:*:* cpe:2.3:a:constructr:constructr-cms:3.01.3:beta:*:*:*:*:*:* cpe:2.3:a:constructr:constructr-cms:3.01.7:beta:*:*:*:*:*:* cpe:2.3:a:constructr:constructr-cms:3.01.9:beta:*:*:*:*:*:* cpe:2.3:a:constructr:constructr-cms:3.01.2:beta:*:*:*:*:*:* cpe:2.3:a:constructr:constructr-cms:3.01.5:beta:*:*:*:*:*:* cpe:2.3:a:constructr:constructr-cms:3.00.1:alpha:*:*:*:*:*:* cpe:2.3:a:constructr:constructr-cms:3.00.0:alpha:*:*:*:*:*:* cpe:2.3:a:constructr:constructr-cms:3.01.8:beta:*:*:*:*:*:* cpe:2.3:a:constructr:constructr-cms:3.02.1:*:*:*:*:*:*:* cpe:2.3:a:constructr:constructr-cms:3.02.4:*:*:*:*:*:*:* cpe:2.3:a:constructr:constructr-cms:3.01.0:beta:*:*:*:*:*:* cpe:2.3:a:constructr:constructr-cms:3.01.6:beta:*:*:*:*:*:* cpe:2.3:a:constructr:constructr-cms:3.01.1:beta:*:*:*:*:*:* cpe:2.3:a:constructr:constructr-cms:3.02.0:*:*:*:*:*:*:* cpe:2.3:a:constructr:constructr-cms:3.02.3:*:*:*:*:*:*:* cpe:2.3:a:constructr:constructr-cms:3.00.2:alpha:*:*:*:*:*:* cpe:2.3:a:constructr:constructr-cms:*:*:*:*:*:*:*:*

---

Published : 2009-01-06 05:30

Updated : 2017-09-29 01:32

---

NVD link : CVE-2008-5860

Mitre link : CVE-2008-5860

No products.

CWE-22