1 results (0.006 seconds)

CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 2

Directory traversal vulnerability in admin/admin_xs.php in eXtreme Styles module (XS-Mod) 2.3.1 and 2.4.0 for phpBB allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the phpEx parameter. NOTE: some of these details are obtained from third party information. Una vulnerabilidad de salto de directorio en el archivo admin/admin_xs.php en el módulo eXtreme Styles (XS-Mod) versiones 2.3.1 y 2.4.0 para phpBB, permite a los atacantes remotos incluir y ejecutar archivos arbitrarios por medio de un .. (punto punto) en el parámetro phpEx. • https://www.exploit-db.com/exploits/5301 http://secunia.com/advisories/29487 http://www.securityfocus.com/bid/28432 https://exchange.xforce.ibmcloud.com/vulnerabilities/41404 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •