Summary
Dagger is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.
An attacker can exploit this issue to execute malicious PHP code in the context of the webserver process. This may facilitate a compromise of the application and the underlying computer other
attacks are also possible.
Solution
Vendor updates are available. See http://labs.geody.com/dagger/ fore more information.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2008-6635 -
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- AbanteCart Multiple Cross-Site Scripting Vulnerabilities
- 7Media Web Solutions EduTrac Directory Traversal Vulnerability
- Ampache Reflected Cross Site Scripting Vulnerability
- Apache Tomcat NIO Connector Denial of Service Vulnerability
- 1024 CMS 1.1.0 Beta 'force_download.php' Local File Include Vulnerability