CVE-2008-5418 – PunBB Mod PunPortal 0.1 - Local File Inclusion

https://notcve.org/view.php?id=CVE-2008-5418

Directory traversal vulnerability in login.php in the PunPortal module before 2.0 for PunBB allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pun_user[language] parameter. Vulnerabilidad de salto directorio en login.php en el módulo PunPortal anterior a v2.0 para PunBB permite a atacantes remotos incluir y ejecutar archivos locales de su elección a través de .. (punto punto)en el parámetro "pun_user[language]". • https://www.exploit-db.com/exploits/7168 http://securityreason.com/securityalert/4707 http://www.securityfocus.com/bid/32380 https://exchange.xforce.ibmcloud.com/vulnerabilities/46774 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •