CVE-2008-1856

LinPHA <1.3.3 - Path Traversal

Title source: llm

Description

plugins/maps/db_handler.php in LinPHA 1.3.3 and earlier does not require authentication for a settings action that modifies the configuration file, which allows remote attackers to conduct directory traversal attacks and execute arbitrary local files by placing directory traversal sequences into the maps_type configuration setting, and then sending a request to maps_view.php, which causes plugins/maps/map.main.class.php to use the modified configuration.

Exploits (1)

exploitdb WORKING POC VERIFIED

by EgiX · phpwebappsphp

https://www.exploit-db.com/exploits/5392

View Code ZIP pw:eip

References (7)

[Vendor Advisory] http://secunia.com/advisories/29724

[Product] http://sourceforge.net/project/shownotes.php?release_id=595725

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/41676

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/28654

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/5392

[Third Party Advisory, VDB Entry] http://www.osvdb.org/50229

[Third Party Advisory] http://www.vupen.com/english/advisories/2008/1136

Scores

EPSS 0.0446

EPSS Percentile 89.1%

Details

CWE

CWE-20 CWE-22

Status published

Products (13)

linpha/linpha

linpha/linpha 0.9.0

linpha/linpha 0.9.1

linpha/linpha 0.9.2

linpha/linpha 0.9.3

linpha/linpha 0.9.4

linpha/linpha 1.0 beta1 (4 CPE variants)

linpha/linpha 1.1.0

linpha/linpha 1.1.1

linpha/linpha 1.2.0

... and 3 more

Published Apr 16, 2008

Tracked Since Feb 18, 2026