Directory Traversal Vulnerabilities in Page Engine CMS by Unknown Vendor
CVE-2009-0729

Currently unrated

Key Information:

Vendor: Lingx
Status: Page Engine Cms
Vendor: CVE Published:; 24 February 2009

Summary

Multiple directory traversal vulnerabilities in Page Engine CMS versions 2.0 Basic and Pro allow remote attackers to manipulate file inclusion mechanisms. By exploiting the fPrefix parameter, attackers can craft inputs that enable them to include and execute arbitrary local files within the CMS. This includes critical modules such as recent_poll_include.php, login_include.php, and statistics_include.php, as well as configuration files located in the includes directory. These vulnerabilities pose significant risks if left unaddressed, potentially allowing unauthorized access to sensitive server files.

References

http://osvdb.org/52178

vdb-entryx_refsource_OSVDB

http://osvdb.org/52177

vdb-entryx_refsource_OSVDB

https://exchange.xforce.ibmcloud.com/vulnerabilities/48856

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Feb 24, 2009
Vulnerability Reserved
Feb 24, 2009