CVE-2010-3480

Description

Directory traversal vulnerability in index.php in ApPHP PHP MicroCMS 1.0.1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.

Affected products

• apphp / php_microcms1.0.1 – 1.0.1

References

• VENDOR_ADVISORYhttp://secunia.com/advisories/41491
• MISChttp://www.securityfocus.com/bid/43232
• EXPLOIThttp://www.exploit-db.com/exploits/15011
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/61813
• VENDOR_ADVISORYhttp://secunia.com/advisories/41455
• MISChttp://osvdb.org/68074