CVE-2008-0361

Instituto Politicnico Nacional Gradman < 0.1.3 - Path Traversal

Title source: rule

Description

Directory traversal vulnerability in agregar_info.php in GradMan 0.1.3 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the tabla parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by JosS · perlwebappsphp

https://www.exploit-db.com/exploits/4926

View Code ZIP pw:eip

References (6)

[Third Party Advisory] http://securityreason.com/securityalert/3552

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/4926

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/486444/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/27324

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/39732

[Vendor Advisory] http://secunia.com/advisories/28520

Scores

EPSS 0.0785

EPSS Percentile 92.0%

Details

CWE

CWE-22

Status published

Products (1)

instituto_politicnico_nacional/gradman < 0.1.3

Published Jan 18, 2008

Tracked Since Feb 18, 2026