Directory traversal vulnerability in data/inc/theme.php in Pluck 4.3, when register_globals is enabled, allows remote attackers to read arbitrary local files via a .. (dot dot) in the file parameter. NOTE: CVE and a reliable third party dispute this vulnerability because the code uses a fixed argument when invoking fputs, which cannot be used to read files
References
Configurations
History
07 Nov 2023, 02:00
Type | Values Removed | Values Added |
---|---|---|
Summary | Directory traversal vulnerability in data/inc/theme.php in Pluck 4.3, when register_globals is enabled, allows remote attackers to read arbitrary local files via a .. (dot dot) in the file parameter. NOTE: CVE and a reliable third party dispute this vulnerability because the code uses a fixed argument when invoking fputs, which cannot be used to read files |
Information
Published : 2007-08-08 01:17
Updated : 2024-05-17 00:35
NVD link : CVE-2007-4180
Mitre link : CVE-2007-4180
CVE.ORG link : CVE-2007-4180
JSON object : View
Products Affected
pluck
- pluck
CWE