Path Traversal in Mozilo Mozilocms
CVE-2008-3589
Directory traversal vulnerability in download.php in moziloCMS 1.10.1, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the cat parameter.
Vulnerability class: Path Traversal (Directory Traversal)
EPSS: 0.024 (81.6th percentile) — read the EPSS interpretation.
Affected products
- Mozilo Mozilocms — versions 1.10.1
- N/a — versions n/a
Weakness classification (CWE)
References
- cve@mitre.org (x_refsource_SREASON, third-party-advisory)
- cve@mitre.org (exploit, x_refsource_EXPLOIT-DB)
- cve@mitre.org (vdb-entry, x_refsource_XF)
- cve@mitre.org (vdb-entry, x_refsource_BID)
- cve@mitre.org (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)