CVE-2008-7064

Quicksilver Forums - Path Traversal

Title source: rule

Description

Directory traversal vulnerability in the get_lang function in global.php in Quicksilver Forums 1.4.2 and earlier, as used in QSF Portal before 1.4.5, when running on Windows, allows remote attackers to include and execute arbitrary local files via a "\" (backslash) in the lang parameter to index.php, which bypasses a protection mechanism that only checks for "/" (forward slash), as demonstrated by uploading and including PHP code in an avatar file.

Exploits (1)

exploitdb WORKING POC VERIFIED

by girex · perlwebappsphp

https://www.exploit-db.com/exploits/7217

View Code ZIP pw:eip

References (8)

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/46828

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/7217

[Vendor Advisory] http://secunia.com/advisories/32823

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/46823

[Third Party Advisory] http://secunia.com/advisories/38670

[URL Repurposed] http://www.qsfportal.com/index.php?a=newspost&t=191

[Third Party Advisory, VDB Entry] http://osvdb.org/50143

[Exploit] http://www.securityfocus.com/bid/32452

Scores

EPSS 0.0312

EPSS Percentile 86.9%

Details

CWE

CWE-22

Status published

Products (1)

quicksilver_forums/quicksilver_forums 1.4.2

Published Aug 25, 2009

Tracked Since Feb 18, 2026