RSS   Podatności dla 'Gf 3xplorer'   RSS

2007-12-20
 
CVE-2007-6476

 

 
GF-3XPLORER 2.4 allows remote attackers to obtain configuration information via a direct request to explorer/phpinfo.php, which calls the phpinfo function.

 
 
CVE-2007-6475

 

 
Multiple directory traversal vulnerabilities in GF-3XPLORER 2.4 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang_sel parameter to (1) updater.php and (2) thumber.php.

 
 
CVE-2007-6474

 

 
Multiple cross-site scripting (XSS) vulnerabilities in GF-3XPLORER 2.4 allow remote attackers to inject arbitrary web script or HTML via the newdir parameter to index_3x.php, and unspecified other vectors.

 


Copyright 2024, cxsecurity.com

 

Back to Top