CVE-2008-0167

Gforge - Symlink Following

Title source: rule

Description

The write_array_file function in utils/include.pl in GForge 4.5.14 updates configuration files by truncating them to zero length and then writing new data, which might allow attackers to bypass intended access restrictions or have unspecified other impact in opportunistic circumstances.

Exploits (1)

exploitdb WORKING POC

webappsphp

https://www.exploit-db.com/exploits/5173

View Code ZIP pw:eip

References (7)

[Vendor Advisory] http://secunia.com/advisories/30088

[Vendor Advisory] http://secunia.com/advisories/30286

[Various Sources] http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14-22etch8.diff.gz

[Patch] http://www.debian.org/security/2008/dsa-1577

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/42456

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/29215

[Third Party Advisory] http://www.vupen.com/english/advisories/2008/1537/references

Scores

EPSS 0.0107

EPSS Percentile 77.8%

Details

CWE

CWE-59

Status published

Products (1)

gforge/gforge 4.5.14

Published May 18, 2008

Tracked Since Feb 18, 2026