2 matches found
CVE-2008-6833
Directory traversal vulnerability in commsrss.php in fuzzylime cms before 3.01b allows remote attackers to include and execute arbitrary local files via a .. dot dot in a files array element for a blogs action, as demonstrated by the files0 parameter...
CVE-2008-6833
Affected software: fuzzylime (cms) prior to version 3.01b, specifically the commsrss.php script. Vulnerability type & root cause: directory traversal/ local file inclusion via the files[] parameter in the blogs action, where input is not properly sanitized before being used in an include. Impact:...