Directory traversal

2006-03-2901:06:00

PRIOn knowledge base

www.prio-n.com

7.3 High

AI Score

Confidence

Low

0.01 Low

EPSS

Percentile

83.4%

JSON

Directory traversal vulnerability in (1) initiate.php and (2) possibly other PHP scripts in Turnkey Web Tools PHP Live Helper 1.8, and possibly later versions, allows remote authenticated users to include and execute arbitrary local files via directory traversal sequences in the language cookie, as demonstrated by uploading PHP code in a gl_session cookie to users.php, which causes the code to be stored in error.log, which is then included by initiate.php.

CPENameOperatorVersion
php_live_helpereq1.8

CPE	Name	Operator	Version
	php_live_helper	eq	1.8

References

secunia.com/advisories/19428

securityreason.com/securityalert/641

www.securityfocus.com/archive/1/428976/100/0/threaded

www.turnkeywebtools.com/forum/showthread.php?p=10415

www.worlddefacers.de/Public/WD-TMPLH.txt

exchange.xforce.ibmcloud.com/vulnerabilities/25489