Multiple directory traversal vulnerabilities in Exero CMS 1.0.0 and 1.0.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the theme parameter to (1) custompage.php, (2) errors/404.php, (3) members/memberslist.php, (4) members/profile.php, (5) news/fullview.php, (6) news/index.php, (7) nopermission.php, (8) usercp/avatar.php, or (9) usercp/editpassword.php in themes/Default/. NOTE: some of these details are obtained from third party information.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2008-06-24T19:00:00Z
Updated: 2024-09-17T01:05:28.809Z
Reserved: 2008-06-24T00:00:00Z
Link: CVE-2008-2840
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2008-06-24T19:41:00.000
Modified: 2008-09-05T21:41:23.287
Link: CVE-2008-2840
Redhat
No data.