CVE-2008-5771 - Path Traversal vulnerability in Phpweather 2.2.2

Publication

2008-12-30

Last modification

2017-09-29

Summary

Directory traversal vulnerability in test.php in PHP Weather 2.2.2 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the language parameter.

Description

PHP Weather is prone to a local file-include vulnerability and a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.An attacker can exploit the local file-include vulnerability using directory-traversal strings to view and execute local files within the context of the webserver process. Information harvested may aid in further attacks.The attacker may leverage the cross-site scripting issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.PHP Weather 2.2.2 is vulnerable; other versions may also be affected.

Solution

Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: info@vumetric.com.

Exploit

Attackers can exploit these issues via a browser.The following example URIs are available:For the local file-include issue:http://www.example.com/path/test.php?metar=()&language=[Lfi]%00For the cross-site scripting issue:http://www.example.com/path/config/make_config.php/>"><ScRiPt>alert(0)</ScRiPt>

Classification

CWE-22 - Path Traversal

Risk level (CVSS AV:N/AC:L/Au:N/C:P/I:P/A:P)

High

7.5

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confident. Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products

Vendor Product Versions
Phpweather Phpweather  2.2.2

Related CVE