Directory traversal

Directory traversal vulnerability in index.php in SetCMS 3.6.5 allows remote attackers to include and execute arbitrary local files via a .. dot dot in the set parameter, as demonstrated by sending a certain CLIENTIP HTTP header in an enter action to index.php, and injecting PHP sequences into...

CVE-2008-0478

CVE-2008-0478 affects SetCMS 3.6.5 with a directory traversal flaw in index.php. The vulnerability arises from including locally stored files via a crafted set parameter, enabling arbitrary code execution when a PHP sequence is injected into files/enter.set and then included by index.php. The att...

CVE-2008-0478

Directory traversal vulnerability in index.php in SetCMS 3.6.5 allows remote attackers to include and execute arbitrary local files via a .. dot dot in the set parameter, as demonstrated by sending a certain CLIENTIP HTTP header in an enter action to index.php, and injecting PHP sequences into...

SetCMS 3.6.5 - Remote Command Execution

SetCMS 3.6.5 - Remote Command Execution !/usr/bin/perl SetCMS v3.6.5 setcms.org remote commands execution exploit by RST/GHC o4.o9.2oo6 coded by 1dt.w0lf THIS IS UNPUBLISHED RST/GHC EXPLOIT CODE KEEP IT PRIVATE про багу: file: functions.php FUNCTION ip global $userid; ifgetenv'HTTPCLIENTIP...