CVE-2008-1856

plugins/maps/db_handler.php in LinPHA 1.3.3 and earlier does not require authentication for a settings action that modifies the configuration file, which allows remote attackers to conduct directory traversal attacks and execute arbitrary local files by placing directory traversal sequences into the maps_type configuration setting, and then sending a request to maps_view.php, which causes plugins/maps/map.main.class.php to use the modified configuration.

Published: Apr 16, 2008
Updated: Apr 13, 2023
CVE: CVE-2008-1856
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5.1
AV:N/AC:H/Au:N/C:P/I:P/A:P

CWEs:

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
linpha / linpha	1.0-beta1	1.0-beta1.x
linpha / linpha	1.0-beta2	1.0-beta2.x
linpha / linpha	0.9.4	0.9.4.x
linpha / linpha	1.3.2	1.3.2.x
linpha / linpha	1.0-beta3	1.0-beta3.x
linpha / linpha	1.3.0	1.3.0.x
linpha / linpha	1.0-rc1	1.0-rc1.x
linpha / linpha	1.1.1	1.1.1.x
linpha / linpha	0.9.3	0.9.3.x
linpha / linpha	0.9.2	0.9.2.x
linpha / linpha	1.1.0	1.1.0.x
linpha / linpha	1.2.0	1.2.0.x
linpha / linpha	0.9.1	0.9.1.x
linpha / linpha	1.3.1	1.3.1.x
linpha / linpha	0.9.0	0.9.0.x
linpha / linpha	-	-

Vulnerability Database

CVE-2008-1856