Vulnerabilities > CVE-2002-2128 - Unspecified vulnerability in W-Agora 4.1.5

047910
CVSS 4.6 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
local
low complexity
w-agora
NVD
Published: 2002-12-31
Updated: 2008-09-05

Summary

editform.php in w-Agora 4.1.5 allows local users to execute arbitrary PHP code via .. (dot dot) sequences in the file parameter.

Vulnerable Configurations

Part Description Count
Application
W-Agora
1

References