CVE-2008-6668

EXPLOITED NUCLEI

Dirk Bartley Nweb2fax < 0.2.7 - Path Traversal

Title source: rule

Description

Multiple directory traversal vulnerabilities in nweb2fax 0.2.7 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) id parameter to comm.php and (2) var_filename parameter to viewrq.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by dun · textwebappsphp

https://www.exploit-db.com/exploits/5856

View Code ZIP pw:eip

Nuclei Templates (1)

nweb2fax <=0.2.7 - Local File Inclusion

MEDIUMby geeknik

References (4)

[Exploit] http://www.securityfocus.com/bid/29804

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/43172

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/5856

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/43173

Scores

EPSS 0.0057

EPSS Percentile 68.3%

Exploitation Intel

VulnCheck KEV 2024-09-19

Classification

CWE

CWE-22

Status draft

Affected Products (2)

dirk_bartley/nweb2fax < 0.2.7

dirk_bartley/nweb2fax

Timeline

Published Apr 08, 2009

Tracked Since Feb 18, 2026