CVE-2008-6453

Directory traversal vulnerability in section.php in 6rbScript 3.3, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the name parameter.

Published : 2009-03-13 10:30 Updated : 2017-09-29 01:33

4.3
CVSS Score More info
Score 4.3 / 10
4.3
Vendor Product Version URI
6rbscript 6rbscript 3.3 cpe:/a:6rbscript:6rbscript:3.3
  1. 6rbscript (1) Search CVE
    1. 6rbscript (1) Search CVE
      1. 3.3

CWE

ID Name Description Links
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. CVE

History of changes

Date Event
2017-09-29 05:57
2009-03-13 10:30

New CVE