CVE-2007-5417

Description

Directory traversal vulnerability in index.php in boastMachine (aka bMachine) 2.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter.

Affected products

• boastmachine / boastmachine2.8 – 2.8

References

• MISChttp://securityvulns.com/Sdocument42.html
• MISChttp://www.securityfocus.com/archive/1/482006/100/0/threaded
• MISChttp://securityvulns.com/source26994.html
• MISChttp://securityreason.com/securityalert/3216
• MISChttp://www.securityfocus.com/bid/26032
• MISChttp://osvdb.org/43632