CVE-2008-2076

Description

Directory traversal vulnerability in admin.php in ActualScripts ActualAnalyzer Lite 2.78 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the style parameter.

Affected products

• actualscripts / actualanalyzer_lite2.78 – 2.78

References

• VENDOR_ADVISORYhttp://secunia.com/advisories/30052
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/42128
• MISChttp://www.securityfocus.com/bid/29007
• EXPLOIThttps://www.exploit-db.com/exploits/5528