CVSS: 6.8EPSS: 1%CPEs: 1EXPL: 1CVE-2008-1042 – PHP Download Manager 1.1 - Local File Inclusion
https://notcve.org/view.php?id=CVE-2008-1042
Directory traversal vulnerability in include/body.inc.php in Linux Web Shop (LWS) php Download Manager 1.0 and 1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the content parameter. Vulnerabilidad de salto de directorio en include/body.inc.php de Linux Web Shop (LWS) php Download Manager 1.0 y 1.1 permite a atacantes remotos incluir y ejecutar ficheros locales de su elección a través de .. (punto punto) en el parámetro content. • https://www.exploit-db.com/exploits/5183 http://secunia.com/advisories/29089 http://www.securityfocus.com/bid/27961 https://exchange.xforce.ibmcloud.com/vulnerabilities/40795 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 2CVE-2005-3769 – PHP Download Manager 1.1.x - 'files.php' SQL Injection
https://notcve.org/view.php?id=CVE-2005-3769
SQL injection vulnerability in files.php in PHP Download Manager 1.1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the cat parameter. • https://www.exploit-db.com/exploits/26544 http://www.osvdb.org/22827 http://www.securityfocus.com/bid/15517 •