CVE-2009-0765

Description

Directory traversal vulnerability in index.php in Kipper 2.01 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the configfile parameter.

Affected products

• bookelves / kipper2.01 – 2.01

References

• VENDOR_ADVISORYhttp://secunia.com/advisories/33832
• MISChttp://www.securityfocus.com/bid/33640
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/49271
• EXPLOIThttps://www.exploit-db.com/exploits/7993