CVE-2008-7064 - OpenCVE

Directory traversal vulnerability in the get_lang function in global.php in Quicksilver Forums 1.4.2 and earlier, as used in QSF Portal before 1.4.5, when running on Windows, allows remote attackers to include and execute arbitrary local files via a "\" (backslash) in the lang parameter to index.php, which bypasses a protection mechanism that only checks for "/" (forward slash), as demonstrated by uploading and including PHP code in an avatar file.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Quicksilver Forums	Quicksilver Forums

Configuration 1 [-]

cpe:2.3:a:quicksilver_forums:quicksilver_forums:1.4.2:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://osvdb.org/50143
http://secunia.com/advisories/32823
http://secunia.com/advisories/38670
http://www.qsfportal.com/index.php?a=newspost&t=191
http://www.securityfocus.com/bid/32452
https://exchange.xforce.ibmcloud.com/vulnerabilities/46823
https://exchange.xforce.ibmcloud.com/vulnerabilities/46828
https://www.exploit-db.com/exploits/7217

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2009-08-25T10:00:00

Updated: 2024-08-07T11:56:12.929Z

Reserved: 2009-08-24T00:00:00

Link: CVE-2008-7064

Vulnrichment

No data.

NVD

Status : Modified

Published: 2009-08-25T10:30:00.280

Modified: 2024-02-14T01:17:43.863

Link: CVE-2008-7064

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-11-24T00:00:00", "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in the get_lang function in global.php in Quicksilver Forums 1.4.2 and earlier, as used in QSF Portal before 1.4.5, when running on Windows, allows remote attackers to include and execute arbitrary local files via a \"\\\" (backslash) in the lang parameter to index.php, which bypasses a protection mechanism that only checks for \"/\" (forward slash), as demonstrated by uploading and including PHP code in an avatar file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "7217", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/7217"}, {"name": "quicksilverforums-avatar-file-upload(46828)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46828"}, {"name": "32823", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/32823"}, {"name": "quicksilverforums-index-file-include(46823)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46823"}, {"name": "38670", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/38670"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.qsfportal.com/index.php?a=newspost&t=191"}, {"name": "50143", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/50143"}, {"name": "32452", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/32452"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-7064", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Directory traversal vulnerability in the get_lang function in global.php in Quicksilver Forums 1.4.2 and earlier, as used in QSF Portal before 1.4.5, when running on Windows, allows remote attackers to include and execute arbitrary local files via a \"\\\" (backslash) in the lang parameter to index.php, which bypasses a protection mechanism that only checks for \"/\" (forward slash), as demonstrated by uploading and including PHP code in an avatar file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "7217", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/7217"}, {"name": "quicksilverforums-avatar-file-upload(46828)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46828"}, {"name": "32823", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32823"}, {"name": "quicksilverforums-index-file-include(46823)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46823"}, {"name": "38670", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38670"}, {"name": "http://www.qsfportal.com/index.php?a=newspost&t=191", "refsource": "CONFIRM", "url": "http://www.qsfportal.com/index.php?a=newspost&t=191"}, {"name": "50143", "refsource": "OSVDB", "url": "http://osvdb.org/50143"}, {"name": "32452", "refsource": "BID", "url": "http://www.securityfocus.com/bid/32452"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T11:56:12.929Z"}, "title": "CVE Program Container", "references": [{"name": "7217", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/7217"}, {"name": "quicksilverforums-avatar-file-upload(46828)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46828"}, {"name": "32823", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/32823"}, {"name": "quicksilverforums-index-file-include(46823)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46823"}, {"name": "38670", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/38670"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.qsfportal.com/index.php?a=newspost&t=191"}, {"name": "50143", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/50143"}, {"name": "32452", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/32452"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-7064", "datePublished": "2009-08-25T10:00:00", "dateReserved": "2009-08-24T00:00:00", "dateUpdated": "2024-08-07T11:56:12.929Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:quicksilver_forums:quicksilver_forums:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "F47737FE-E985-4C4A-86C6-A13EC17CE42C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in the get_lang function in global.php in Quicksilver Forums 1.4.2 and earlier, as used in QSF Portal before 1.4.5, when running on Windows, allows remote attackers to include and execute arbitrary local files via a \"\\\" (backslash) in the lang parameter to index.php, which bypasses a protection mechanism that only checks for \"/\" (forward slash), as demonstrated by uploading and including PHP code in an avatar file."}, {"lang": "es", "value": "La vulnerabilidad de salto del directorio en la funci\u00f3n get_lang en el archivo global.php en Quicksilver Forums versi\u00f3n 1.4.2 y anteriores, como es usado en QSF Portal anterior a versi\u00f3n 1.4.5, cuando es ejecutado en Windows, permite a los atacantes remotos incluir y ejecutar archivos locales arbitrarios por medio de un \"\\\" (barra diagonal invertida) en el par\u00e1metro lang en archivo index.php, que omite un mecanismo de protecci\u00f3n que solo comprueba \"/\" (barra diagonal), como es demostrado al cargar e incluir el c\u00f3digo PHP en un archivo avatar."}], "id": "CVE-2008-7064", "lastModified": "2024-02-14T01:17:43.863", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-08-25T10:30:00.280", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/50143"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/32823"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/38670"}, {"source": "cve@mitre.org", "tags": ["URL Repurposed"], "url": "http://www.qsfportal.com/index.php?a=newspost&t=191"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/32452"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46823"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46828"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/7217"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}