2 matches found
CVE-2008-5860
Directory traversal vulnerability in backend/template.php in Constructr CMS 3.02.5 and earlier, when registerglobals is enabled and magicquotesgpc is disabled, allows remote attackers to create or read arbitrary files via directory traversal sequences in the editfile parameter...
CVE-2008-5860
CVE-2008-5860 affects Constructr CMS up to version 3.02.5, where a directory traversal flaw in backend/template.php can be exploited when register_globals is enabled and magic_quotes_gpc is disabled. The vulnerability allows a remote attacker to create or read arbitrary files via directory traver...