CVE-2009-0448 – Syntax Desktop 2.7 - 'synTarget' Local File Inclusion

https://notcve.org/view.php?id=CVE-2009-0448

05 Feb 2009 — Directory traversal vulnerability in admin/modules/aa/preview.php in Syntax Desktop 2.7 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the synTarget parameter. Vulnerabilidad de salto de directorio en admin/modules/aa/preview.php de Syntax Desktop v2.7, permite a atacantes remotos incluir y ejecutar ficheros locales de su elección a través de un .. (punto punto) en el parámetro synTarget. • https://www.exploit-db.com/exploits/7977 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •