CVE-2008-5860

Directory traversal vulnerability in backend/template.php in Constructr CMS 3.02.5 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to create or read arbitrary files via directory traversal sequences in the edit_file parameter.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:constructr:constructr-cms:*:*:*:*:*:*:*:*
cpe:2.3:a:constructr:constructr-cms:3.00.0:alpha:*:*:*:*:*:*
cpe:2.3:a:constructr:constructr-cms:3.00.1:alpha:*:*:*:*:*:*
cpe:2.3:a:constructr:constructr-cms:3.00.2:alpha:*:*:*:*:*:*
cpe:2.3:a:constructr:constructr-cms:3.01.0:beta:*:*:*:*:*:*
cpe:2.3:a:constructr:constructr-cms:3.01.1:beta:*:*:*:*:*:*
cpe:2.3:a:constructr:constructr-cms:3.01.2:beta:*:*:*:*:*:*
cpe:2.3:a:constructr:constructr-cms:3.01.3:beta:*:*:*:*:*:*
cpe:2.3:a:constructr:constructr-cms:3.01.4:beta:*:*:*:*:*:*
cpe:2.3:a:constructr:constructr-cms:3.01.5:beta:*:*:*:*:*:*
cpe:2.3:a:constructr:constructr-cms:3.01.6:beta:*:*:*:*:*:*
cpe:2.3:a:constructr:constructr-cms:3.01.7:beta:*:*:*:*:*:*
cpe:2.3:a:constructr:constructr-cms:3.01.8:beta:*:*:*:*:*:*
cpe:2.3:a:constructr:constructr-cms:3.01.9:beta:*:*:*:*:*:*
cpe:2.3:a:constructr:constructr-cms:3.02.0:*:*:*:*:*:*:*
cpe:2.3:a:constructr:constructr-cms:3.02.1:*:*:*:*:*:*:*
cpe:2.3:a:constructr:constructr-cms:3.02.2:*:*:*:*:*:*:*
cpe:2.3:a:constructr:constructr-cms:3.02.3:*:*:*:*:*:*:*
cpe:2.3:a:constructr:constructr-cms:3.02.4:*:*:*:*:*:*:*

History

No history.

Information

Published : 2009-01-06 17:30

Updated : 2024-02-28 11:21


NVD link : CVE-2008-5860

Mitre link : CVE-2008-5860

CVE.ORG link : CVE-2008-5860


JSON object : View

Products Affected

constructr

  • constructr-cms
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')