Unrated severityNVD Advisory· Published Apr 16, 2008· Updated Jun 16, 2026
CVE-2008-1856
CVE-2008-1856
Description
plugins/maps/db_handler.php in LinPHA 1.3.3 and earlier does not require authentication for a settings action that modifies the configuration file, which allows remote attackers to conduct directory traversal attacks and execute arbitrary local files by placing directory traversal sequences into the maps_type configuration setting, and then sending a request to maps_view.php, which causes plugins/maps/map.main.class.php to use the modified configuration.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
17cpe:2.3:a:linpha:linpha:*:*:*:*:*:*:*:*+ 16 more
- cpe:2.3:a:linpha:linpha:*:*:*:*:*:*:*:*
- cpe:2.3:a:linpha:linpha:0.9.0:*:*:*:*:*:*:*
- cpe:2.3:a:linpha:linpha:0.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:linpha:linpha:0.9.2:*:*:*:*:*:*:*
- cpe:2.3:a:linpha:linpha:0.9.3:*:*:*:*:*:*:*
- cpe:2.3:a:linpha:linpha:0.9.4:*:*:*:*:*:*:*
- cpe:2.3:a:linpha:linpha:1.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:linpha:linpha:1.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:linpha:linpha:1.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:linpha:linpha:1.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:linpha:linpha:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:linpha:linpha:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:linpha:linpha:1.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:linpha:linpha:1.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:linpha:linpha:1.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:linpha:linpha:1.3.2:*:*:*:*:*:*:*
- (no CPE)range: <=1.3.3
Patches
Vulnerability mechanics
References
7News mentions
0No linked articles in our index yet.