Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2008-4181

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-23 Sep, 2008 | 15:00
Updated At-07 Aug, 2024 | 10:08
Rejected At-
Credits

Directory traversal vulnerability in includes/xml.php in the Netenberg Fantastico De Luxe module before 2.10.4 r19 for cPanel, when cPanel PHP Register Globals is enabled, allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) or absolute pathname in the fantasticopath parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:23 Sep, 2008 | 15:00
Updated At:07 Aug, 2024 | 10:08
Rejected At:
â–¼CVE Numbering Authority (CNA)

Directory traversal vulnerability in includes/xml.php in the Netenberg Fantastico De Luxe module before 2.10.4 r19 for cPanel, when cPanel PHP Register Globals is enabled, allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) or absolute pathname in the fantasticopath parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://exchange.xforce.ibmcloud.com/vulnerabilities/45147
vdb-entry
x_refsource_XF
http://www.securityfocus.com/bid/31196
vdb-entry
x_refsource_BID
http://securityreason.com/securityalert/4301
third-party-advisory
x_refsource_SREASON
https://www.exploit-db.com/exploits/6461
exploit
x_refsource_EXPLOIT-DB
http://www.netenberg.com/forum/index.php?topic=6768.0
x_refsource_CONFIRM
http://secunia.com/advisories/31863
third-party-advisory
x_refsource_SECUNIA
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/45147
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://www.securityfocus.com/bid/31196
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://securityreason.com/securityalert/4301
Resource:
third-party-advisory
x_refsource_SREASON
Hyperlink: https://www.exploit-db.com/exploits/6461
Resource:
exploit
x_refsource_EXPLOIT-DB
Hyperlink: http://www.netenberg.com/forum/index.php?topic=6768.0
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/31863
Resource:
third-party-advisory
x_refsource_SECUNIA
â–¼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://exchange.xforce.ibmcloud.com/vulnerabilities/45147
vdb-entry
x_refsource_XF
x_transferred
http://www.securityfocus.com/bid/31196
vdb-entry
x_refsource_BID
x_transferred
http://securityreason.com/securityalert/4301
third-party-advisory
x_refsource_SREASON
x_transferred
https://www.exploit-db.com/exploits/6461
exploit
x_refsource_EXPLOIT-DB
x_transferred
http://www.netenberg.com/forum/index.php?topic=6768.0
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/31863
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/45147
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://www.securityfocus.com/bid/31196
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://securityreason.com/securityalert/4301
Resource:
third-party-advisory
x_refsource_SREASON
x_transferred
Hyperlink: https://www.exploit-db.com/exploits/6461
Resource:
exploit
x_refsource_EXPLOIT-DB
x_transferred
Hyperlink: http://www.netenberg.com/forum/index.php?topic=6768.0
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/31863
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:23 Sep, 2008 | 15:25
Updated At:23 Apr, 2026 | 00:35

Directory traversal vulnerability in includes/xml.php in the Netenberg Fantastico De Luxe module before 2.10.4 r19 for cPanel, when cPanel PHP Register Globals is enabled, allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) or absolute pathname in the fantasticopath parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.06.8MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Type: Primary
Version: 2.0
Base score: 6.8
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CPE Matches
netenberg
netenberg
>>fantastico_de_luxe>>Versions up to 2.8.2(inclusive)
cpe:2.3:a:netenberg:fantastico_de_luxe:*:r12:*:*:*:*:*:*
netenberg
netenberg
>>fantastico_de_luxe>>Versions up to 2.8.8(inclusive)
cpe:2.3:a:netenberg:fantastico_de_luxe:*:r11:*:*:*:*:*:*
netenberg
netenberg
>>fantastico_de_luxe>>Versions up to 2.10.0(inclusive)
cpe:2.3:a:netenberg:fantastico_de_luxe:*:r17:*:*:*:*:*:*
netenberg
netenberg
>>fantastico_de_luxe>>Versions up to 2.10.0(inclusive)
cpe:2.3:a:netenberg:fantastico_de_luxe:*:r8:*:*:*:*:*:*
netenberg
netenberg
>>fantastico_de_luxe>>Versions up to 2.10.2(inclusive)
cpe:2.3:a:netenberg:fantastico_de_luxe:*:r46:*:*:*:*:*:*
netenberg
netenberg
>>fantastico_de_luxe>>Versions up to 2.10.4(inclusive)
cpe:2.3:a:netenberg:fantastico_de_luxe:*:r18:*:*:*:*:*:*
netenberg
netenberg
>>fantastico_de_luxe>>2.8.2
cpe:2.3:a:netenberg:fantastico_de_luxe:2.8.2:r1:*:*:*:*:*:*
netenberg
netenberg
>>fantastico_de_luxe>>2.8.2
cpe:2.3:a:netenberg:fantastico_de_luxe:2.8.2:r10:*:*:*:*:*:*
netenberg
netenberg
>>fantastico_de_luxe>>2.8.2
cpe:2.3:a:netenberg:fantastico_de_luxe:2.8.2:r11:*:*:*:*:*:*
netenberg
netenberg
>>fantastico_de_luxe>>2.8.2
cpe:2.3:a:netenberg:fantastico_de_luxe:2.8.2:r2:*:*:*:*:*:*
netenberg
netenberg
>>fantastico_de_luxe>>2.8.2
cpe:2.3:a:netenberg:fantastico_de_luxe:2.8.2:r3:*:*:*:*:*:*
netenberg
netenberg
>>fantastico_de_luxe>>2.8.2
cpe:2.3:a:netenberg:fantastico_de_luxe:2.8.2:r4:*:*:*:*:*:*
netenberg
netenberg
>>fantastico_de_luxe>>2.8.2
cpe:2.3:a:netenberg:fantastico_de_luxe:2.8.2:r5:*:*:*:*:*:*
netenberg
netenberg
>>fantastico_de_luxe>>2.8.2
cpe:2.3:a:netenberg:fantastico_de_luxe:2.8.2:r6:*:*:*:*:*:*
netenberg
netenberg
>>fantastico_de_luxe>>2.8.2
cpe:2.3:a:netenberg:fantastico_de_luxe:2.8.2:r7:*:*:*:*:*:*
netenberg
netenberg
>>fantastico_de_luxe>>2.8.2
cpe:2.3:a:netenberg:fantastico_de_luxe:2.8.2:r8:*:*:*:*:*:*
netenberg
netenberg
>>fantastico_de_luxe>>2.8.2
cpe:2.3:a:netenberg:fantastico_de_luxe:2.8.2:r9:*:*:*:*:*:*
netenberg
netenberg
>>fantastico_de_luxe>>2.8.4
cpe:2.3:a:netenberg:fantastico_de_luxe:2.8.4:r1:*:*:*:*:*:*
netenberg
netenberg
>>fantastico_de_luxe>>2.8.4
cpe:2.3:a:netenberg:fantastico_de_luxe:2.8.4:r2:*:*:*:*:*:*
netenberg
netenberg
>>fantastico_de_luxe>>2.8.4
cpe:2.3:a:netenberg:fantastico_de_luxe:2.8.4:r3:*:*:*:*:*:*
netenberg
netenberg
>>fantastico_de_luxe>>2.8.4
cpe:2.3:a:netenberg:fantastico_de_luxe:2.8.4:r4:*:*:*:*:*:*
netenberg
netenberg
>>fantastico_de_luxe>>2.8.4
cpe:2.3:a:netenberg:fantastico_de_luxe:2.8.4:r5:*:*:*:*:*:*
netenberg
netenberg
>>fantastico_de_luxe>>2.8.4
cpe:2.3:a:netenberg:fantastico_de_luxe:2.8.4:r6:*:*:*:*:*:*
netenberg
netenberg
>>fantastico_de_luxe>>2.8.4
cpe:2.3:a:netenberg:fantastico_de_luxe:2.8.4:r7:*:*:*:*:*:*
netenberg
netenberg
>>fantastico_de_luxe>>2.8.6
cpe:2.3:a:netenberg:fantastico_de_luxe:2.8.6:r1:*:*:*:*:*:*
netenberg
netenberg
>>fantastico_de_luxe>>2.8.6
cpe:2.3:a:netenberg:fantastico_de_luxe:2.8.6:r2:*:*:*:*:*:*
netenberg
netenberg
>>fantastico_de_luxe>>2.8.6
cpe:2.3:a:netenberg:fantastico_de_luxe:2.8.6:r3:*:*:*:*:*:*
netenberg
netenberg
>>fantastico_de_luxe>>2.8.8
cpe:2.3:a:netenberg:fantastico_de_luxe:2.8.8:r1:*:*:*:*:*:*
netenberg
netenberg
>>fantastico_de_luxe>>2.8.8
cpe:2.3:a:netenberg:fantastico_de_luxe:2.8.8:r10:*:*:*:*:*:*
netenberg
netenberg
>>fantastico_de_luxe>>2.8.8
cpe:2.3:a:netenberg:fantastico_de_luxe:2.8.8:r2:*:*:*:*:*:*
netenberg
netenberg
>>fantastico_de_luxe>>2.8.8
cpe:2.3:a:netenberg:fantastico_de_luxe:2.8.8:r3:*:*:*:*:*:*
netenberg
netenberg
>>fantastico_de_luxe>>2.8.8
cpe:2.3:a:netenberg:fantastico_de_luxe:2.8.8:r4:*:*:*:*:*:*
netenberg
netenberg
>>fantastico_de_luxe>>2.8.8
cpe:2.3:a:netenberg:fantastico_de_luxe:2.8.8:r5:*:*:*:*:*:*
netenberg
netenberg
>>fantastico_de_luxe>>2.8.8
cpe:2.3:a:netenberg:fantastico_de_luxe:2.8.8:r6:*:*:*:*:*:*
netenberg
netenberg
>>fantastico_de_luxe>>2.8.8
cpe:2.3:a:netenberg:fantastico_de_luxe:2.8.8:r7:*:*:*:*:*:*
netenberg
netenberg
>>fantastico_de_luxe>>2.8.8
cpe:2.3:a:netenberg:fantastico_de_luxe:2.8.8:r8:*:*:*:*:*:*
netenberg
netenberg
>>fantastico_de_luxe>>2.8.8
cpe:2.3:a:netenberg:fantastico_de_luxe:2.8.8:r9:*:*:*:*:*:*
netenberg
netenberg
>>fantastico_de_luxe>>2.8.r1
cpe:2.3:a:netenberg:fantastico_de_luxe:2.8.r1:*:*:*:*:*:*:*
netenberg
netenberg
>>fantastico_de_luxe>>2.8.r2
cpe:2.3:a:netenberg:fantastico_de_luxe:2.8.r2:*:*:*:*:*:*:*
netenberg
netenberg
>>fantastico_de_luxe>>2.8.r3
cpe:2.3:a:netenberg:fantastico_de_luxe:2.8.r3:*:*:*:*:*:*:*
netenberg
netenberg
>>fantastico_de_luxe>>2.8.r4
cpe:2.3:a:netenberg:fantastico_de_luxe:2.8.r4:*:*:*:*:*:*:*
netenberg
netenberg
>>fantastico_de_luxe>>2.8.r5
cpe:2.3:a:netenberg:fantastico_de_luxe:2.8.r5:*:*:*:*:*:*:*
netenberg
netenberg
>>fantastico_de_luxe>>2.8.r6
cpe:2.3:a:netenberg:fantastico_de_luxe:2.8.r6:*:*:*:*:*:*:*
netenberg
netenberg
>>fantastico_de_luxe>>2.8.r7
cpe:2.3:a:netenberg:fantastico_de_luxe:2.8.r7:*:*:*:*:*:*:*
netenberg
netenberg
>>fantastico_de_luxe>>2.8.r8
cpe:2.3:a:netenberg:fantastico_de_luxe:2.8.r8:*:*:*:*:*:*:*
netenberg
netenberg
>>fantastico_de_luxe>>2.8.r9
cpe:2.3:a:netenberg:fantastico_de_luxe:2.8.r9:*:*:*:*:*:*:*
netenberg
netenberg
>>fantastico_de_luxe>>2.8.r10
cpe:2.3:a:netenberg:fantastico_de_luxe:2.8.r10:*:*:*:*:*:*:*
netenberg
netenberg
>>fantastico_de_luxe>>2.8.r11
cpe:2.3:a:netenberg:fantastico_de_luxe:2.8.r11:*:*:*:*:*:*:*
netenberg
netenberg
>>fantastico_de_luxe>>2.8.r12
cpe:2.3:a:netenberg:fantastico_de_luxe:2.8.r12:*:*:*:*:*:*:*
netenberg
netenberg
>>fantastico_de_luxe>>2.8.r13
cpe:2.3:a:netenberg:fantastico_de_luxe:2.8.r13:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-22Primarynvd@nist.gov
CWE ID: CWE-22
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://secunia.com/advisories/31863cve@mitre.org
Vendor Advisory
http://securityreason.com/securityalert/4301cve@mitre.org
N/A
http://www.netenberg.com/forum/index.php?topic=6768.0cve@mitre.org
Patch
http://www.securityfocus.com/bid/31196cve@mitre.org
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/45147cve@mitre.org
N/A
https://www.exploit-db.com/exploits/6461cve@mitre.org
N/A
http://secunia.com/advisories/31863af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://securityreason.com/securityalert/4301af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.netenberg.com/forum/index.php?topic=6768.0af854a3a-2127-422b-91ae-364da2661108
Patch
http://www.securityfocus.com/bid/31196af854a3a-2127-422b-91ae-364da2661108
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/45147af854a3a-2127-422b-91ae-364da2661108
N/A
https://www.exploit-db.com/exploits/6461af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://secunia.com/advisories/31863
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://securityreason.com/securityalert/4301
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.netenberg.com/forum/index.php?topic=6768.0
Source: cve@mitre.org
Resource:
Patch
Hyperlink: http://www.securityfocus.com/bid/31196
Source: cve@mitre.org
Resource:
Patch
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/45147
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://www.exploit-db.com/exploits/6461
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/31863
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://securityreason.com/securityalert/4301
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.netenberg.com/forum/index.php?topic=6768.0
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: http://www.securityfocus.com/bid/31196
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/45147
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://www.exploit-db.com/exploits/6461
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

318Records found
CVE-2008-6926
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-5.58% / 90.50%
||
7 Day CHG~0.00%
Published-10 Aug, 2009 | 20:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in autoinstall4imagesgalleryupgrade.php in the Fantastico De Luxe Module for cPanel allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the scriptpath_show parameter in a GoAhead action. NOTE: this issue only crosses privilege boundaries when security settings such as disable_functions and safe_mode are active, since exploitation requires uploading of executable code to a home directory.

Action-Not Available
Vendor-netenbergn/acPanel (WebPros International, LLC)
Product-cpanelfantastico_de_luxen/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2008-6843
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.84% / 75.20%
||
7 Day CHG~0.00%
Published-02 Jul, 2009 | 10:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in index.php in Fantastico, as used with cPanel 11.x, allows remote attackers to read arbitrary files via a .. (dot dot) in the sup3r parameter.

Action-Not Available
Vendor-netenbergn/acPanel (WebPros International, LLC)
Product-fantastico_de_luxecpaneln/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2008-5962
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-3.83% / 88.41%
||
7 Day CHG~0.00%
Published-23 Jan, 2009 | 18:38
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in library/setup/rpc.php in Gravity Getting Things Done (GTD) 0.4.5 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the objectname parameter.

Action-Not Available
Vendor-gravity-gtdn/a
Product-gravity-gtdn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2019-13241
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.40% / 60.75%
||
7 Day CHG-0.02%
Published-04 Jul, 2019 | 14:31
Updated-04 Aug, 2024 | 23:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FlightCrew v0.9.2 and older are vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a ZIP archive entry that is mishandled during extraction.

Action-Not Available
Vendor-flightcrew_projectn/aCanonical Ltd.
Product-ubuntu_linuxflightcrewn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2015-7006
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-6.8||MEDIUM
EPSS-1.26% / 79.80%
||
7 Day CHG~0.00%
Published-23 Oct, 2015 | 21:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in the BOM (aka Bill of Materials) component in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code via a crafted CPIO archive.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osmac_os_xwatchosn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2008-6316
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-3.65% / 88.13%
||
7 Day CHG~0.00%
Published-27 Feb, 2009 | 11:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in _conf/core/common-tpl-vars.php in PHPmyGallery 1.0 beta2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter, a different issue than CVE-2008-6316 and a different vector than CVE-2008-6318.

Action-Not Available
Vendor-phpmygalleryn/a
Product-phpmygalleryn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2008-6877
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.34% / 57.22%
||
7 Day CHG~0.00%
Published-27 Jul, 2009 | 14:22
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in admin/includes/initsystem.php in Zen Cart 1.3.8 and 1.3.8a, when .htaccess is not supported, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the loader_file parameter. NOTE: the vendor disputes this issue, stating "at worst, the use of this vulnerability will reveal some local file paths.

Action-Not Available
Vendor-zen_cartn/a
Product-zen_cartn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2008-6313
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-3.54% / 87.94%
||
7 Day CHG~0.00%
Published-27 Feb, 2009 | 11:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in addedit-render.php in phpAddEdit 1.3, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a URL in the editform parameter. NOTE: PHP remote file inclusion attacks are also likely.

Action-Not Available
Vendor-phpaddeditn/a
Product-phpaddeditn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2008-6884
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-5.66% / 90.57%
||
7 Day CHG~0.00%
Published-31 Jul, 2009 | 20:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple directory traversal vulnerabilities in XOOPS 2.3.1, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the xoopsConfig[language] parameter to (1) blocks.php and (2) main.php in xoops_lib/modules/protector/.

Action-Not Available
Vendor-xoopsn/a
Product-xoopsn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2008-5919
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-7.83% / 92.17%
||
7 Day CHG~0.00%
Published-21 Jan, 2009 | 02:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in rss.php in WebSVN 2.0 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to overwrite arbitrary files via directory traversal sequences in the rev parameter.

Action-Not Available
Vendor-tigrisn/a
Product-websvnn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2008-6177
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-3.83% / 88.41%
||
7 Day CHG~0.00%
Published-19 Feb, 2009 | 16:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple directory traversal vulnerabilities in LightBlog 9.8, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) username parameter to view_member.php, (2) username_post parameter to login.php, and the (3) Lightblog_username cookie parameter to check_user.php.

Action-Not Available
Vendor-publicwarehousen/a
Product-lightblogn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2008-6172
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-2.55% / 85.81%
||
7 Day CHG~0.00%
Published-19 Feb, 2009 | 16:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in captcha/captcha_image.php in the RWCards (com_rwcards) 3.0.11 component for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the img parameter.

Action-Not Available
Vendor-weberrn/aJoomla!
Product-rwcardsjoomlan/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2008-6361
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-3.26% / 87.42%
||
7 Day CHG~0.00%
Published-02 Mar, 2009 | 16:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in index.php in InSun Feed CMS 1.7.3 19Beta allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the lang parameter.

Action-Not Available
Vendor-insun_podcastn/a
Product-feedcmsn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2008-6878
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.34% / 57.22%
||
7 Day CHG~0.00%
Published-27 Jul, 2009 | 14:22
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in admin/includes/languages/english.php in Zen Cart 1.3.8a, 1.3.8, and earlier, when .htaccess is not supported, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the _SESSION[language] parameter. NOTE: the vendor disputes this issue, stating "at worst, the use of this vulnerability will reveal some local file paths.

Action-Not Available
Vendor-zen_cartn/a
Product-zen_cartn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2008-6842
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-2.71% / 86.22%
||
7 Day CHG~0.00%
Published-02 Jul, 2009 | 10:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in data/modules/blog/module_pages_site.php in Pluck 4.6.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the post parameter.

Action-Not Available
Vendor-pluck-cmsn/a
Product-pluckn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2008-6825
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-63.30% / 98.43%
||
7 Day CHG~0.00%
Published-05 Jun, 2009 | 21:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in user/index.php in Fonality trixbox CE 2.6.1 and earlier allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the langChoice parameter.

Action-Not Available
Vendor-trixboxn/a
Product-trixboxn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2008-6317
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-3.65% / 88.13%
||
7 Day CHG~0.00%
Published-27 Feb, 2009 | 11:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in _conf/_php-core/common-tpl-vars.php in PHPmyGallery 1.5 beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf[lang] parameter, a different issue than CVE-2008-6318. NOTE: this might be the same issue as CVE-2008-6316.

Action-Not Available
Vendor-phpmygalleryn/a
Product-phpmygalleryn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2008-5989
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-4.54% / 89.41%
||
7 Day CHG~0.00%
Published-28 Jan, 2009 | 15:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in defs.php in PHPcounter 1.3.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the l parameter.

Action-Not Available
Vendor-phpcountern/a
Product-phpcountern/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2008-6025
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-3.46% / 87.80%
||
7 Day CHG~0.00%
Published-03 Feb, 2009 | 11:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in scr/form.php in openElec 3.01 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the obj parameter.

Action-Not Available
Vendor-openelecn/a
Product-openelecn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2008-6201
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-8.52% / 92.55%
||
7 Day CHG~0.00%
Published-20 Feb, 2009 | 01:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in help.php in the eskuel module in KwsPHP 1.3.456, as available before 20080416, allows remote attackers to execute arbitrary commands via the action parameter. NOTE: some of these details are obtained from third party information.

Action-Not Available
Vendor-kwsphpn/a
Product-kwsphpn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2008-6018
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-2.15% / 84.59%
||
7 Day CHG~0.00%
Published-02 Feb, 2009 | 21:29
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in index.php in MyPHPSite, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the mod parameter.

Action-Not Available
Vendor-myphpsiten/a
Product-myphpsiten/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2008-6253
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-10.49% / 93.41%
||
7 Day CHG~0.00%
Published-24 Feb, 2009 | 18:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in data/inc/lib/pcltar.lib.php in Pluck 4.5.3, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the g_pcltar_lib_dir parameter.

Action-Not Available
Vendor-pluck-cmsn/a
Product-pluckn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2008-5990
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-3.29% / 87.50%
||
7 Day CHG~0.00%
Published-28 Jan, 2009 | 15:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in connect/init.inc in emergecolab 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sitecode parameter to connect/index.php.

Action-Not Available
Vendor-eduforgen/a
Product-emergecolabn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2008-6271
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-3.83% / 88.41%
||
7 Day CHG~0.00%
Published-25 Feb, 2009 | 11:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in index.php in TBmnetCMS 1.0, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the content parameter.

Action-Not Available
Vendor-tbmnetn/a
Product-tbmnetcmsn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2008-6265
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-3.83% / 88.41%
||
7 Day CHG~0.00%
Published-24 Feb, 2009 | 18:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in portfolio/css.php in Cyberfolio 7.12.2 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the theme parameter.

Action-Not Available
Vendor-cyberfolion/a
Product-cyberfolion/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2008-6522
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.72% / 82.81%
||
7 Day CHG~0.00%
Published-25 Mar, 2009 | 18:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple directory traversal vulnerabilities in the RenderFile function in ContentRender.class.php in Terracotta (aka OpenTerracotta) 0.6.1, and possibly other versions, allow remote attackers to list arbitrary directories and read arbitrary files via a .. (dot dot) in the (1) CurrentDirectory and (2) File parameters to index.php.

Action-Not Available
Vendor-devraj_mukherjeen/a
Product-openterracottan/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2008-5604
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-6.82% / 91.53%
||
7 Day CHG~0.00%
Published-16 Dec, 2008 | 18:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in index.php in My Simple Forum 3.0 and 4.1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter.

Action-Not Available
Vendor-drennansoftn/a
Product-my_simple_forumn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2008-5894
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-4.02% / 88.72%
||
7 Day CHG~0.00%
Published-12 Jan, 2009 | 19:27
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in index.php in Mediatheka 4.2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.

Action-Not Available
Vendor-mediathekan/a
Product-mediathekan/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2008-5570
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-6.82% / 91.53%
||
7 Day CHG~0.00%
Published-15 Dec, 2008 | 17:45
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in index.php in PHP Multiple Newsletters 2.7, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.

Action-Not Available
Vendor-php_multiple_newslettersn/a
Product-php_multiple_newslettersn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2008-5204
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.84% / 83.36%
||
7 Day CHG~0.00%
Published-21 Nov, 2008 | 17:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple directory traversal vulnerabilities in PowerAward 1.1.0 RC1, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the lang parameter to (1) agb.php, (2) angemeldet.php, (3) anmelden.php, (4) charts.php, (5) external_vote.php, (6) guestbook.php, (7) impressum.php, (8) index.php, (9) rss-reader.php, (10) statistic.php, (11) teilnehmer.php, (12) topsites.php, (13) votecode.php, (14) voting.php, and (15) winner.php.

Action-Not Available
Vendor-powerawardn/a
Product-powerawardn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2008-5207
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.13% / 32.35%
||
7 Day CHG~0.00%
Published-21 Nov, 2008 | 17:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple directory traversal vulnerabilities in Jonascms 1.2 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the taal parameter to (1) backup.php and (2) gb_voegtoe.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Action-Not Available
Vendor-jonascmsn/a
Product-jonascmsn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2008-5819
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-3.83% / 88.41%
||
7 Day CHG~0.00%
Published-02 Jan, 2009 | 18:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in eDNews_archive.php in eDreamers eDNews 2, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lg parameter. NOTE: some of these details are obtained from third party information.

Action-Not Available
Vendor-edreamersn/a
Product-ednewsn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2008-5818
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-4.02% / 88.72%
||
7 Day CHG~0.00%
Published-02 Jan, 2009 | 18:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in index.php in eDreamers eDContainer 2.22, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lg parameter. NOTE: some of these details are obtained from third party information.

Action-Not Available
Vendor-edreamersn/a
Product-edcontainern/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2008-5265
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-4.02% / 88.72%
||
7 Day CHG~0.00%
Published-28 Nov, 2008 | 18:26
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in index.php in TNT Forum 0.9.4, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the modulo parameter.

Action-Not Available
Vendor-tntforumn/a
Product-tnt_forumn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2008-4075
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-3.46% / 87.80%
||
7 Day CHG~0.00%
Published-15 Sep, 2008 | 15:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in index.php in D-iscussion Board 3.01 allows remote attackers to read arbitrary files via a .. (dot dot) in the topic parameter.

Action-Not Available
Vendor-dinon/a
Product-d-iscussion_boardn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2008-4780
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-3.46% / 87.80%
||
7 Day CHG~0.00%
Published-29 Oct, 2008 | 14:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in admin/centre.php in MyForum 1.3, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the padmin parameter.

Action-Not Available
Vendor-easy-scriptn/a
Product-myforumn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2008-4712
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-3.83% / 88.41%
||
7 Day CHG~0.00%
Published-23 Oct, 2008 | 17:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in pages/showblog.php in LnBlog 0.9.0 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the plugin parameter.

Action-Not Available
Vendor-lnblogn/a
Product-lnblogn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2008-4454
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.93% / 83.77%
||
7 Day CHG~0.00%
Published-06 Oct, 2008 | 23:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in EKINdesigns MySQL Quick Admin 1.5.5 allows remote attackers to read and execute arbitrary files via a .. (dot dot) in the lang parameter to actions.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Action-Not Available
Vendor-mysql_quick_adminn/a
Product-mysql_quick_adminn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2008-4632
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-3.29% / 87.50%
||
7 Day CHG~0.00%
Published-21 Oct, 2008 | 00:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple directory traversal vulnerabilities in index.php in Kure 0.6.3, when magic_quotes_gpc is disabled, allow remote attackers to read and possibly execute arbitrary local files via a .. (dot dot) in the (1) post and (2) doc parameters.

Action-Not Available
Vendor-kuren/a
Product-kuren/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2008-4455
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-3.83% / 88.41%
||
7 Day CHG~0.00%
Published-06 Oct, 2008 | 23:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in index.php in EKINdesigns MySQL Quick Admin 1.5.5 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to read and execute arbitrary files via a .. (dot dot) in the language cookie.

Action-Not Available
Vendor-mysql_quick_adminn/a
Product-mysql_quick_adminn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2008-4739
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-3.26% / 87.42%
||
7 Day CHG~0.00%
Published-24 Oct, 2008 | 10:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in index.php in PlugSpace 0.1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the navi parameter.

Action-Not Available
Vendor-plugspacen/a
Product-plugspacen/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2008-4662
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-5.90% / 90.81%
||
7 Day CHG~0.00%
Published-21 Oct, 2008 | 23:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in admin.php in LokiCMS 0.3.4, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter.

Action-Not Available
Vendor-lokicmsn/a
Product-lokicmsn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2008-4626
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-6.63% / 91.39%
||
7 Day CHG~0.00%
Published-21 Oct, 2008 | 00:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in index.php in Fritz Berger yet another php photo album - next generation (yappa-ng) 2.3.2 and possibly other versions through 2.3.3-beta0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the album parameter.

Action-Not Available
Vendor-zirkon_boxn/a
Product-yappa-ngn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2008-4158
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-3.29% / 87.50%
||
7 Day CHG~0.00%
Published-22 Sep, 2008 | 16:20
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple directory traversal vulnerabilities in index.php in Zanfi CMS lite 1.2 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) flag and (2) inc parameters.

Action-Not Available
Vendor-zanfi_solutionsn/a
Product-zanfi_cms_liten/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2008-3770
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-5.65% / 90.57%
||
7 Day CHG~0.00%
Published-22 Aug, 2008 | 16:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple directory traversal vulnerabilities in Freeway 1.4.1.171, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter to (1) includes/events_application_top.php; (2) english/account.php, (3) french/account.php, and (4) french/account_newsletters.php in includes/languages/; (5) includes/modules/faqdesk/faqdesk_article_require.php; (6) includes/modules/newsdesk/newsdesk_article_require.php; (7) card1.php, (8) loginbox.php, and (9) whos_online.php in templates/Freeway/boxes/; and (10) templates/Freeway/mainpage_modules/mainpage.php. NOTE: vector 1 may be the same as CVE-2008-3677.

Action-Not Available
Vendor-openfreewayn/a
Product-freewayn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2008-4483
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-3.83% / 88.41%
||
7 Day CHG~0.00%
Published-08 Oct, 2008 | 01:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in index.php in Crux Gallery 1.32 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the theme parameter.

Action-Not Available
Vendor-crux_softwaren/a
Product-galleryn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2008-3192
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-4.02% / 88.72%
||
7 Day CHG~0.00%
Published-16 Jul, 2008 | 18:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in index.php in jSite 1.0 OE allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module parameter.

Action-Not Available
Vendor-sclekn/a
Product-jsiten/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2008-3677
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.16% / 36.84%
||
7 Day CHG~0.00%
Published-14 Aug, 2008 | 19:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in includes/events_application_top.php in Freeway before 1.4.2.197 allows remote attackers to include and execute arbitrary local files via unspecified vectors.

Action-Not Available
Vendor-openfreewayn/a
Product-freewayn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2008-3390
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-3.29% / 87.50%
||
7 Day CHG~0.00%
Published-31 Jul, 2008 | 16:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in libraries/general.init.php in Minishowcase Image Gallery 09b136, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.

Action-Not Available
Vendor-minishowcasen/a
Product-minishowcase_image_galleryn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2008-3365
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-9.33% / 92.94%
||
7 Day CHG~0.00%
Published-30 Jul, 2008 | 17:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in index.php in Pixelpost 1.7.1 on Windows, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language_full parameter.

Action-Not Available
Vendor-pixelpostn/aMicrosoft Corporation
Product-windows-ntwindows_vistawindows_xpwindowswindows_2000windows_2003_serverpixelpostn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 6
  • 7
  • Next
Details not found