CVE-2008-3415

Severity CVSS v4.0:
Pending analysis
Type:
CWE-22 Path Traversal
Publication date:
31/07/2008
Last modified:
09/04/2025

Description

Directory traversal vulnerability in common.php in CMScout 2.05, when .htaccess is not supported, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bit parameter, as demonstrated by an upload to avatar/ of a .jpg file containing PHP sequences.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:cmscout:cmscout:2.05:*:*:*:*:*:*:*