RSS   Vulnerabilities for 'Exero cms'   RSS

2008-03-20
 
CVE-2008-1409

CWE-22
 

 
Multiple directory traversal vulnerabilities in the Default theme in Exero CMS 1.0.1 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the theme parameter to (1) index.php, (2) editpassword.php, and (3) avatar.php in usercp/; (4) custompage.php; (5) errors/404.php; (6) memberslist.php and (7) profile.php in members/; (8) index.php and (9) fullview.php in news/; and (10) nopermission.php.

 


Copyright 2024, cxsecurity.com

 

Back to Top