CVSS: 6.8EPSS: 1%CPEs: 1EXPL: 1CVE-2008-1042 – PHP Download Manager 1.1 - Local File Inclusion
https://notcve.org/view.php?id=CVE-2008-1042
Directory traversal vulnerability in include/body.inc.php in Linux Web Shop (LWS) php Download Manager 1.0 and 1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the content parameter. Vulnerabilidad de salto de directorio en include/body.inc.php de Linux Web Shop (LWS) php Download Manager 1.0 y 1.1 permite a atacantes remotos incluir y ejecutar ficheros locales de su elección a través de .. (punto punto) en el parámetro content. • https://www.exploit-db.com/exploits/5183 http://secunia.com/advisories/29089 http://www.securityfocus.com/bid/27961 https://exchange.xforce.ibmcloud.com/vulnerabilities/40795 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 3%CPEs: 1EXPL: 1CVE-2008-1043 – PHPUserBase 1.3b - 'unverified.inc.php' Remote File Inclusion
https://notcve.org/view.php?id=CVE-2008-1043
PHP remote file inclusion vulnerability in templates/default/header.inc.php in Linux Web Shop (LWS) php User Base 1.3 BETA allows remote attackers to execute arbitrary PHP code via a URL in the menu parameter. Vulnerabilidad de inclusión remota de archivo en PHP en templates/default/header.inc.php de Linux Web Shop (LWS) php User Base 1.3 BETA permite a atacantes remotos ejecutar código PHP de su elección a través de un URL en el parámetro menu. • https://www.exploit-db.com/exploits/5180 http://www.securityfocus.com/archive/1/494140/100/0/threaded http://www.securityfocus.com/bid/27963 https://exchange.xforce.ibmcloud.com/vulnerabilities/40794 • CWE-94: Improper Control of Generation of Code ('Code Injection') •