CVE-2008-1635

Properties

Published: 01.04.2008
Updated: 07.08.2008
Patch available:
Severity: High
CVSS vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Product: Raven PHP Scripts: Keep It Simple Guest Book

Vulnerability description

Directory traversal vulnerability in view_private.php in Keep It Simple Guest Book (KISGB) 5.0.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the tmp_theme parameter. NOTE: 5.1.1 is also reportedly affected.

References:

MILW0RM: http://www.milw0rm.com/exploits/5324
XF: http://xforce.iss.net/xforce/xfdb/41525
BID: http://www.securityfocus.com/bid/28513