CVE-2008-6074

Directory traversal vulnerability in frame.php in phpcrs 2.06 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the importFunction parameter.
Configurations

Configuration 1

cpe:2.3:a:phpcrs:phpcrs:2.03:*:*:*:*:*:*:*
cpe:2.3:a:phpcrs:phpcrs:2.00:*:*:*:*:*:*:*
cpe:2.3:a:phpcrs:phpcrs:2.01:*:*:*:*:*:*:*
cpe:2.3:a:phpcrs:phpcrs:*:*:*:*:*:*:*:*
cpe:2.3:a:phpcrs:phpcrs:1.01:*:*:*:*:*:*:*
cpe:2.3:a:phpcrs:phpcrs:2.04:*:*:*:*:*:*:*
cpe:2.3:a:phpcrs:phpcrs:2.05:*:*:*:*:*:*:*
cpe:2.3:a:phpcrs:phpcrs:2.02:*:*:*:*:*:*:*

Information

Published : 2009-02-06 11:30

Updated : 2018-10-11 08:56


NVD link : CVE-2008-6074

Mitre link : CVE-2008-6074

Products Affected
No products.
CWE