CVE-2008-3770

Freeway 1.4.1.171 - Path Traversal

Title source: llm
STIX 2.1

Description

Multiple directory traversal vulnerabilities in Freeway 1.4.1.171, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter to (1) includes/events_application_top.php; (2) english/account.php, (3) french/account.php, and (4) french/account_newsletters.php in includes/languages/; (5) includes/modules/faqdesk/faqdesk_article_require.php; (6) includes/modules/newsdesk/newsdesk_article_require.php; (7) card1.php, (8) loginbox.php, and (9) whos_online.php in templates/Freeway/boxes/; and (10) templates/Freeway/mainpage_modules/mainpage.php. NOTE: vector 1 may be the same as CVE-2008-3677.

Exploits (8)

exploitdb WRITEUP VERIFIED
by Digital Security Research Group · textwebappsphp
https://www.exploit-db.com/exploits/32270
exploitdb WORKING POC VERIFIED
by Digital Security Research Group · textwebappsphp
https://www.exploit-db.com/exploits/32269
exploitdb WRITEUP VERIFIED
by Digital Security Research Group · textwebappsphp
https://www.exploit-db.com/exploits/32268
exploitdb WORKING POC VERIFIED
by Digital Security Research Group · textwebappsphp
https://www.exploit-db.com/exploits/32267
exploitdb WRITEUP VERIFIED
by Digital Security Research Group · textwebappsphp
https://www.exploit-db.com/exploits/32266
exploitdb WRITEUP VERIFIED
by Digital Security Research Group · textwebappsphp
https://www.exploit-db.com/exploits/32265
exploitdb WORKING POC VERIFIED
by Digital Security Research Group · textwebappsphp
https://www.exploit-db.com/exploits/32264
exploitdb WRITEUP VERIFIED
by Digital Security Research Group · textwebappsphp
https://www.exploit-db.com/exploits/32259

References (6)

Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/45037
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/30731
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31475
Various Sources x_refsource_confirm
http://www.openfreeway.org/download/change-log.html
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/4181
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/495549/100/0/threaded

Scores

EPSS 0.0565
EPSS Percentile 90.4%

Details

CWE
CWE-22
Status published
Products (1)
openfreeway/freeway 1.4.1.171
Published Aug 22, 2008
Tracked Since Feb 18, 2026