Directory Traversal Vulnerability in Crux Gallery by K J P Innovation
CVE-2008-4483

Currently unrated

Key Information:

Vendor: Crux Software
Status: Gallery
Vendor: CVE Published:; 8 October 2008

🔔 Create Crux Software Vulnerability Alert

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2008-4483?

The vulnerability in Crux Gallery allows remote attackers to exploit directory traversal, enabling them to include and execute arbitrary local files by leveraging the theme parameter in the index.php file. This issue occurs when the magic_quotes_gpc setting is disabled, making the application susceptible to manipulation via specially crafted requests. Security measures must be taken to patch affected versions or implement workarounds to mitigate exploitation risk.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2008-4483 - Proof of Concept

References

http://www.securityfocus.com/bid/31516

vdb-entryx_refsource_BID

http://secunia.com/advisories/32058

third-party-advisoryx_refsource_SECUNIA

http://securityreason.com/securityalert/4366

third-party-advisoryx_refsource_SREASON

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Oct 8, 2008
👾
Exploit known to exist
Oct 8, 2008
Vulnerability published
Oct 8, 2008
Vulnerability Reserved
Oct 7, 2008

CVE-2008-4483 Data

JSON