CVE-2008-5993

Description

Directory traversal vulnerability in image.php in Barcode Generator 1D (barcodegen) 2.0.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the code parameter.

Affected products

• barcodephp / barcodegen_1d2.0.0
• barcodephp / barcodegen_1d1.2.4 – 1.2.4
• barcodephp / barcodegen_1d1.3.0 – 1.3.0

References

• EXPLOIThttps://www.exploit-db.com/exploits/6558
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/45406