CVE-2008-4486

Yerba < 6.3 - Path Traversal

Title source: rule

Description

Directory traversal vulnerability in index.php in SAC.php (SACphp), as used in Yerba 6.3 and earlier, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the mod parameter.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Pepelux · perlwebappsphp

https://www.exploit-db.com/exploits/6687

View Code ZIP pw:eip

exploitdb WORKING POC

webappsphp

https://www.exploit-db.com/exploits/6691

View Code ZIP pw:eip

References (7)

[Exploit] http://www.securityfocus.com/bid/31606

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/45708

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/497103

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/6687

[Third Party Advisory] http://secunia.com/advisories/32093

[Third Party Advisory] http://www.vupen.com/english/advisories/2008/2754

[Third Party Advisory] http://securityreason.com/securityalert/4368

Scores

EPSS 0.1575

EPSS Percentile 94.7%

Details

CWE

CWE-22

Status published

Products (2)

yerba/yerba 6.28

yerba/yerba < 6.3

Published Oct 08, 2008

Tracked Since Feb 18, 2026