CVE-2008-0357

Galaxyscripts Mini File Host < 1.2.1 - Path Traversal

Title source: rule

Description

Directory traversal vulnerability in pages/upload.php in Galaxyscripts Mini File Host 1.2.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the language parameter.

Exploits (2)

exploitdb WORKING POC VERIFIED

by shinmai · perlwebappsphp

https://www.exploit-db.com/exploits/4940

View Code ZIP pw:eip

exploitdb WRITEUP VERIFIED

by Scary-Boys · textwebappsphp

https://www.exploit-db.com/exploits/4930

View Code ZIP pw:eip

References (4)

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/4930

[Exploit] http://www.securityfocus.com/bid/27327

[Vendor Advisory] http://secunia.com/advisories/28504

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/39799

Scores

EPSS 0.0601

EPSS Percentile 90.7%

Details

CWE

CWE-22

Status published

Products (1)

galaxyscripts/mini_file_host < 1.2.1

Published Jan 18, 2008

Tracked Since Feb 18, 2026