Directory traversal vulnerability in admin/skins.php for @lex Guestbook 4.0.2 and earlier allows remote attackers to create files in arbitrary directories via “…” sequences in the (1) aj_skin and (2) skin_edit parameters. NOTE: this can be leveraged for file inclusion by creating a skin file in the lang directory, then referencing that file via the lang parameter to index.php, which passes a sanity check in livre_include.php.
CPE | Name | Operator | Version |
---|---|---|---|
alex_guestbook | eq | 4.0.1 | |
alex_guestbook | eq | 3.12 | |
alex_guestbook | eq | 4.0.2 | |
alex_guestbook | eq | 3.13 |