RSS   Vulnerabilities for 'Powerbook'   RSS

2008-03-28
 
CVE-2008-1537

CWE-22
 

 
Directory traversal vulnerability in pb_inc/admincenter/index.php in PowerScripts PowerBook 1.21 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.

 

 >>> Vendor: Powerscripts 5 Products
Plusmail
Powerclan
Powernews
Powerphpboard
Powerbook


Copyright 2024, cxsecurity.com

 

Back to Top