Multiple directory traversal vulnerabilities in PowerAward 1.1.0 RC1, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the lang parameter to (1) agb.php, (2) angemeldet.php, (3) anmelden.php, (4) charts.php, (5) external_vote.php, (6) guestbook.php, (7) impressum.php, (8) index.php, (9) rss-reader.php, (10) statistic.php, (11) teilnehmer.php, (12) topsites.php, (13) votecode.php, (14) voting.php, and (15) winner.php.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2008-11-21T17:00:00
Updated: 2024-08-07T10:49:10.830Z
Reserved: 2008-11-21T00:00:00
Link: CVE-2008-5204
Vulnrichment
No data.
NVD
Status : Modified
Published: 2008-11-21T17:30:00.703
Modified: 2024-11-21T00:53:33.090
Link: CVE-2008-5204
Redhat
No data.