CVE-2008-6825

Trixbox < 2.6.1 - Path Traversal

Title source: rule

Description

Directory traversal vulnerability in user/index.php in Fonality trixbox CE 2.6.1 and earlier allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the langChoice parameter.

Exploits (4)

exploitdb WORKING POC VERIFIED

by Metasploit · rubywebappsphp

https://www.exploit-db.com/exploits/16904

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by muts · pythonremotelinux

https://www.exploit-db.com/exploits/6045

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Jean-Michel BESNARD · perlwebappslinux

https://www.exploit-db.com/exploits/6026

View Code ZIP pw:eip

metasploit WORKING POC MANUAL

by chao-mu · rubypocphp

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/trixbox_langchoice.rb

View Code ZIP pw:eip

References (5)

[Third Party Advisory] http://archives.neohapsis.com/archives/fulldisclosure/2008-07/0101.html

[Exploit] http://www.securityfocus.com/bid/30135

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/6026

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/43686

[Third Party Advisory, VDB Entry] http://osvdb.org/50421

Scores

EPSS 0.6330

EPSS Percentile 98.4%

Details

CWE

CWE-22

Status published

Products (3)

trixbox/trixbox 2.0

trixbox/trixbox 2.4.2.0

trixbox/trixbox < 2.6.1

Published Jun 05, 2009

Tracked Since Feb 18, 2026