Security Advisory

CVE-2008-3564

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2008-08-10 20:00:00

Last updated 2024-08-07 09:45:18

Assigner mitre

State PUBLISHED

Description

Multiple directory traversal vulnerabilities in index.php in Dayfox Blog 4 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) p, (2) cat, and (3) archive parameters. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.

← Browse all CVEs View on cve.org ↗