CVE-2008-3385

MEDIUM Year: 2008
CVSS v2 Score
6.8
Medium
Weakness Type
CWE-22
View all →

Vulnerability Description

Directory traversal vulnerability in include/head_chat.inc.php in php Help Agent 1.0 and 1.1 Full allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the content parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.

Related Vulnerabilities

CVE-2017-12815

CRITICAL
CVSS:10.0(Critical)

Analysis of the Bomgar Remote Support Portal JavaStart.jar Applet 52790 and earlier revealed that it is vulnerable to a path traversal vulnerability. The archive can be downloaded from a given Bomgar ...

CWE-222017

CVE-2019-18253

CRITICAL
CVSS:10.0(Critical)

An attacker could use specially crafted paths in a specific request to read or delete files from Relion 670 Series (versions 1p1r26, 1.2.3.17, 2.0.0.10, RES670 2.0.0.4, 2.1.0.1, and prior) outside the...

CWE-222019

CVE-2020-29495

CRITICAL
CVSS:10.0(Critical)

DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain an OS Command Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, le...

CWE-222020

CVE-2022-1992

CRITICAL
CVSS:10.0(Critical)

Path Traversal in GitHub repository gogs/gogs prior to 0.12.9.

CWE-222022

CVE-2023-2909

CRITICAL
CVSS:10.0(Critical)

EZ Sync service fails to adequately handle user input, allowing an attacker to navigate beyond the intended directory structure and delete files. Affected products and versions include: ADM 4.0.6.REG2...

CWE-222023

CVE-2023-6015

CRITICAL
CVSS:10.0(Critical)

MLflow allowed arbitrary files to be PUT onto the server.

CWE-222023