CVE-2008-4499

Php Web Explorer Lite < 0.99b - Path Traversal

Title source: rule

Description

Multiple directory traversal vulnerabilities in PHP Web Explorer 0.99b and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) refer parameter to main.php and the (2) file parameter to edit.php.

Exploits (2)

exploitdb WRITEUP VERIFIED

by Pepelux · textwebappsphp

https://www.exploit-db.com/exploits/32463

View Code ZIP pw:eip

exploitdb WRITEUP VERIFIED

by Pepelux · textwebappsphp

https://www.exploit-db.com/exploits/32464

View Code ZIP pw:eip

References (4)

Core 4

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/45691

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=122332154511973&w=2

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/31595

Third Party Advisory third-party-advisory x_refsource_sreason

http://securityreason.com/securityalert/4371

Scores

EPSS 0.0256

EPSS Percentile 85.6%

Details

CWE

CWE-22

Status published

Products (2)

php_web_explorer/php_web_explorer_lite 0.99a

php_web_explorer/php_web_explorer_lite < 0.99b

Published Oct 09, 2008

Tracked Since Feb 18, 2026