Directory traversal

2009-08-1716:30:00

PRIOn knowledge base

www.prio-n.com

7.7 High

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

82.0%

JSON

Directory traversal vulnerability in include/reputation/rep_profile.php in the Reputation plugin 2.2.4, 2.2.3, 2.0.4, and earlier for PunBB, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a … (dot dot) in the pun_user[language] parameter.

CPENameOperatorVersion
reputationle2.2.4
reputationeq2.0.4
reputationeq2.2.3

Name	Operator	Version
reputation	le	2.2.4
reputation	eq	2.0.4
reputation	eq	2.2.3

References

osvdb.org/56613

packetstormsecurity.org/0907-exploits/punbbrep-lfi.txt

secunia.com/advisories/36020

exchange.xforce.ibmcloud.com/vulnerabilities/52138

www.exploit-db.com/exploits/9315