Directory Traversal Vulnerability in nzFotolog by Ricardo Amaral
CVE-2008-3405

Currently unrated

Key Information:

Vendor: Nazgulled
Status: Nzfotolog
Vendor: CVE Published:; 31 July 2008

What is CVE-2008-3405?

The vulnerability in nzFotolog 0.4.1 stems from improper validation in the index.php file, permitting remote attackers to utilize directory traversal sequences in the action_file parameter. This flaw can be exploited to include and execute arbitrary local files on the server, significantly compromising system integrity. Attackers leveraging this vulnerability can gain unauthorized access to sensitive files and potentially assume control of the web application.

References

http://securityreason.com/securityalert/4086

third-party-advisoryx_refsource_SREASON

https://exchange.xforce.ibmcloud.com/vulnerabilities/44065

vdb-entryx_refsource_XF

https://www.exploit-db.com/exploits/6164

exploitx_refsource_EXPLOIT-DB

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 31, 2008
Vulnerability Reserved
Jul 31, 2008

JSON

Nazgulled

What is CVE-2008-3405?

References

Timeline