CVE-2008-3165

2008-07-1423:00:00

mitre

www.cve.org

6.9 Medium

AI Score

Confidence

Low

0.017 Low

EPSS

Percentile

87.9%

JSON

Directory traversal vulnerability in rss.php in fuzzylime (cms) 3.01a and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a … (dot dot) in the p parameter, as demonstrated using content.php, a different vector than CVE-2007-4805.

References

secunia.com/advisories/30930

securityreason.com/securityalert/3995

www.securityfocus.com/bid/30103

exchange.xforce.ibmcloud.com/vulnerabilities/43605

exchange.xforce.ibmcloud.com/vulnerabilities/43606

www.exploit-db.com/exploits/6009