RSS   Vulnerabilities for 'Mini-pub'   RSS

2009-01-21
 
CVE-2008-5936

CWE-200
 

 
front-end/edit.php in mini-pub 0.3 and earlier allows remote attackers to read files and obtain PHP source code via a filename in the sFileName parameter.

 
2009-01-12
 
CVE-2008-5883

CWE-22
 

 
Absolute path traversal vulnerability in front-end/dir.php in mini-pub 0.3 and earlier allows remote attackers to list arbitrary directories via a full pathname in the sDir parameter.

 
2008-12-15
 
CVE-2008-5581

CWE-20
 

 
PHP remote file inclusion vulnerability in mini-pub.php/front-end/img.php in mini-pub 0.3 allows remote attackers to execute arbitrary PHP code via a URL in the sFileName parameter.

 
 
CVE-2008-5580

CWE-20
 

 
mini-pub.php/front-end/cat.php in mini-pub 0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the sFileName argument.

 
 
CVE-2008-5579

CWE-22
 

 
Absolute path traversal vulnerability in mini-pub.php/front-end/cat.php in mini-pub 0.3 allows remote attackers to read arbitrary files via a full pathname in the sFileName parameter.

 


Copyright 2024, cxsecurity.com

 

Back to Top