CVE-2008-6490

function/updatexml.php in FLABER 1.1 and earlier allows remote attackers to overwrite arbitrary files by specifying the target filename in the targetfile parameter. NOTE: this can be leveraged for code execution by overwriting a PHP file, as demonstrated using function/uploadfile.php...

CVE-2008-6490

CVE-2008-6490 affects FLABER 1.1 and earlier. The vulnerability resides in function/update_xml.php, which permits a remote attacker to overwrite arbitrary files by supplying the target filename in the target_file parameter. The issue can be leveraged to achieve code execution by overwriting a PHP...

FLABER 1.1 RC1 - Remote Command Execution

FLABER 1.1 RC1 - Remote Command Execution " . $FILENAME . " Incorrect parameter targetfile."; 18. exit; 19. 20. 21. 22. $targetfile = "../" . $targetfile; 23. 24. // if it is a file 25. if isfile $targetfile 26. 27. if !iswritable $targetfile 28. 29. echo "" . $FILENAME . " " . $targetfile . " is...

FLABER 1.1 RC1 - Remote Command Execution

" . $FILENAME . " Incorrect parameter targetfile."; 18. exit; 19. 20. 21. 22. $targetfile = "../" . $targetfile; 23. 24. // if it is a file 25. if isfile $targetfile 26. 27. if !iswritable $targetfile 28. 29. echo "" . $FILENAME . " " . $targetfile . " is not writable."; 30. exit; 31. 32. 33. $fp...