CVE-2008-7176

Description

Multiple directory traversal vulnerabilities in Facil CMS 0.1RC allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) change_lang parameter to index.php or (2) modload parameter to modules.php.

Affected products

• celina_jorge / facil_cms0.1 – 0.1

References

• EXPLOIThttps://www.exploit-db.com/exploits/5792
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/43037
• MISChttp://www.securityfocus.com/bid/29692