4 matches found
Directory traversal
Directory traversal vulnerability in codelib/cfg/common.inc.php in Phpkobo Address Book Script 1.09, when magicquotesgpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. dot dot in the LANGCODE parameter...
Directory traversal
Directory traversal vulnerability in staff/app/common.inc.php in Phpkobo Address Book Script 1.09, when magicquotesgpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the LANGCODE parameter. NOTE: the provenance of this...
CVE-2010-1059
The CVE concerns Phpkobo Address Book Script 1.09, where a directory traversal flaw in staff/app/common.inc.php can be exploited when magic_quotes_gpc is disabled. An attacker can include and execute arbitrary local files by manipulating the LANG_CODE parameter, enabling at least partial impact t...
CVE-2010-1058
CVE-2010-1058 describes a directory traversal vulnerability in the Phpkobo Address Book Script 1.09. The flaw resides in the file codelib/cfg/common.inc.php, where the LANG_CODE parameter can be manipulated (via ".." paths) to include and execute arbitrary local files when magic_quotes_gpc is dis...