Dagger 'skins/default.php' Remote File Include Vulnerability Network Vulnerability

Summary

Dagger is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker can exploit this issue to execute malicious PHP code in the context of the webserver process. This may facilitate a compromise of the application and the underlying computer other attacks are also possible.

Solution

Vendor updates are available. See http://labs.geody.com/dagger/ fore more information.

References

http://www.securityfocus.com/bid/29906

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-6635
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

AlienForm CGI script
@Mail 'admin.php' Cross-Site Scripting Vulnerabilities
Adobe Presenter viewer.swf and loadflash.js XSS Vulnerability
APC PowerChute Network Shutdown 'security/applet' Cross Site Scripting Vulnerability
Aardvark Topsites <= 4.2.2 Remote File Inclusion Vulnerability

Take action and discover your vulnerabilities