CVE-2008-2227
PHP-Fusion Forum Rank System 6 - Path Traversal via settings[locale] Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2008-2227. PoCs published by Matrix86.
AI-analyzed exploit summary This exploit demonstrates a local file inclusion (LFI) vulnerability in Forum Rank System 6 due to improper input sanitization. The attacker can traverse directories to access sensitive files like /etc/passwd by manipulating the 'settings[locale]' parameter.
Description
Multiple directory traversal vulnerabilities in PHP-Fusion Forum Rank System 6 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the settings[locale] parameter to (1) forum.php and (2) profile.php in infusions/rank_system/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Exploits (1)
This exploit demonstrates a local file inclusion (LFI) vulnerability in Forum Rank System 6 due to improper input sanitization. The attacker can traverse directories to access sensitive files like /etc/passwd by manipulating the 'settings[locale]' parameter.