What is CVE-2008-6825?

CVE-2008-6825 is a vulnerability in N/a. Published 2009-06-05.

Is CVE-2008-6825 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2008-6825

Directory traversal vulnerability in user/index.php in Fonality trixbox CE 2.6.1 and earlier allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the langChoice parameter.

EPSS: 0.633 (98.4th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

rapid7/metasploit-framework

References

trixbox-langchoice-file-include(43686) (vdb-entry, x_refsource_XF)
6026 (exploit, x_refsource_EXPLOIT-DB)
20080709 Trixbox 2.6.1 and below, remote root shell through local file inclusion (mailing-list, x_refsource_FULLDISC)
30135 (vdb-entry, x_refsource_BID)
50421 (x_refsource_OSVDB, vdb-entry)

Frequently asked questions

What is CVE-2008-6825?: CVE-2008-6825 is a vulnerability in N/a. Published 2009-06-05.
Is CVE-2008-6825 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.