WEB APPLICATION VULNERABILITIES Standard & Premium

PHP Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2008-2666)

Description

Multiple directory traversal vulnerabilities in PHP 5.2.6 and earlier allow context-dependent attackers to bypass safe_mode restrictions by creating a subdirectory named http: and then placing ../ (dot dot slash) sequences in an http URL argument to the (1) chdir or (2) ftok function.

Remediation

References

Related Vulnerabilities

Oracle Application Server CVE-2008-3977 Vulnerability (CVE-2008-3977)

WordPress Plugin iLive-Intelligent WordPress Live Chat Support Cross-Site Scripting (1.0.4)

WordPress Plugin cloudsafe365_for_WP 'file' Parameter Remote File Disclosure (1.46)

Oracle Database Server Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2007-5511)

WordPress Plugin Extensive VC Addons for WPBakery page builder Local File Inclusion (1.9)

Severity

Medium

Classification

CVE-2008-2666 CWE-22

Tags

Missing Update Known Vulnerabilities