CVE-2008-2227 – Forum Rank System 6 - 'settings['locale']' Multiple Local File Inclusions

https://notcve.org/view.php?id=CVE-2008-2227

Multiple directory traversal vulnerabilities in PHP-Fusion Forum Rank System 6 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the settings[locale] parameter to (1) forum.php and (2) profile.php in infusions/rank_system/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Múltiples vulnerabilidades de Salto de Directorio en PHP-Fusion Forum Rank System 6 permiten a atacantes remotos incluir y ejecutar archivos locales arbitrariamente a través de un .. (punto punto) en el parámetro configuración [local] de (1) forum.php y (2) profile.php en infusions/rank_system/. • https://www.exploit-db.com/exploits/31752 http://secunia.com/advisories/30304 http://www.securityfocus.com/bid/29077 http://www.securityfocus.com/bid/29077/exploit https://exchange.xforce.ibmcloud.com/vulnerabilities/42244 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •