Description
Directory traversal vulnerability in index.php in (1) WSN Forum 4.1.43 and earlier, (2) Gallery 4.1.30 and earlier, (3) Knowledge Base (WSNKB) 4.1.36 and earlier, (4) Links 4.1.44 and earlier, and possibly (5) Classifieds before 4.1.30 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the TID parameter, as demonstrated by uploading a .jpg file containing PHP sequences.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by otmorozok428 · textwebappsphp
https://www.exploit-db.com/exploits/6208
References (4)
Core 4
Core References
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/31392
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/4120
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/44236
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/6208
Scores
EPSS
0.0330
EPSS Percentile
87.3%
Details
CWE
CWE-22
Status
published
Products (50)
wsn/forum
< 4.1.43
wsn/gallery
< 4.1.30
wsn/knowledge_base
< 4.1.36
wsn/links
4.0.0
wsn/links
4.0.1
wsn/links
4.0.2
wsn/links
4.0.3
wsn/links
4.0.4
wsn/links
4.0.5
wsn/links
4.0.6
... and 40 more
Published
Aug 08, 2008
Tracked Since
Feb 18, 2026