Directory traversal vulnerability in index.php in Neutrino Atomic Edition 0.8.4 allows remote attackers to read and modify files, as demonstrated by manipulating data/sess.php in (1) usb and (2) del_pag actions. NOTE: this can be leveraged for code execution by performing an upload that bypasses the intended access restrictions that were implemented in sess.php.
References
Configurations
History
No history.
Information
Published : 2008-07-11 19:41
Updated : 2023-12-10 10:51
NVD link : CVE-2008-3150
Mitre link : CVE-2008-3150
CVE.ORG link : CVE-2008-3150
JSON object : View
Products Affected
neutrino-cms
- atomic_edition
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')