code/display.php in fuzzylime (cms) 3.03a and earlier, when magic_quotes_gpc is disabled, allows remote attackers to conduct directory traversal attacks and overwrite arbitrary files via a "....//" (dot dot) in the s parameter, which is collapsed into a "../" value.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2009-06-23T21:21:00
Updated: 2024-08-07T05:44:54.956Z
Reserved: 2009-06-23T00:00:00
Link: CVE-2009-2177
Vulnrichment
No data.
NVD
Status : Modified
Published: 2009-06-23T21:30:00.377
Modified: 2017-09-29T01:34:45.810
Link: CVE-2009-2177
Redhat
No data.