Unrated severityNVD Advisory· Published Apr 16, 2008· Updated Apr 23, 2026
CVE-2008-1856
CVE-2008-1856
Description
plugins/maps/db_handler.php in LinPHA 1.3.3 and earlier does not require authentication for a settings action that modifies the configuration file, which allows remote attackers to conduct directory traversal attacks and execute arbitrary local files by placing directory traversal sequences into the maps_type configuration setting, and then sending a request to maps_view.php, which causes plugins/maps/map.main.class.php to use the modified configuration.
Affected products
16cpe:2.3:a:linpha:linpha:*:*:*:*:*:*:*:*+ 15 more
- cpe:2.3:a:linpha:linpha:*:*:*:*:*:*:*:*
- cpe:2.3:a:linpha:linpha:0.9.0:*:*:*:*:*:*:*
- cpe:2.3:a:linpha:linpha:0.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:linpha:linpha:0.9.2:*:*:*:*:*:*:*
- cpe:2.3:a:linpha:linpha:0.9.3:*:*:*:*:*:*:*
- cpe:2.3:a:linpha:linpha:0.9.4:*:*:*:*:*:*:*
- cpe:2.3:a:linpha:linpha:1.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:linpha:linpha:1.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:linpha:linpha:1.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:linpha:linpha:1.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:linpha:linpha:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:linpha:linpha:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:linpha:linpha:1.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:linpha:linpha:1.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:linpha:linpha:1.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:linpha:linpha:1.3.2:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
7News mentions
0No linked articles in our index yet.