VYPR
← All advisories
Unrated severityNVD Advisory· Published Aug 8, 2008· Updated Apr 23, 2026

CVE-2008-3555

CVE-2008-3555

Description

Directory traversal vulnerability in index.php in (1) WSN Forum 4.1.43 and earlier, (2) Gallery 4.1.30 and earlier, (3) Knowledge Base (WSNKB) 4.1.36 and earlier, (4) Links 4.1.44 and earlier, and possibly (5) Classifieds before 4.1.30 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the TID parameter, as demonstrated by uploading a .jpg file containing PHP sequences.

Affected products

90
  • Wsn/Links87 versions
    cpe:2.3:a:wsn:links:4.0.30:*:*:*:*:*:*:*+ 86 more
    • cpe:2.3:a:wsn:links:4.0.30:*:*:*:*:*:*:*
    • cpe:2.3:a:wsn:links:4.0.31:*:*:*:*:*:*:*
    • cpe:2.3:a:wsn:links:4.0.32:*:*:*:*:*:*:*
    • cpe:2.3:a:wsn:links:4.0.33:*:*:*:*:*:*:*
    • cpe:2.3:a:wsn:links:4.0.34:*:*:*:*:*:*:*
    • cpe:2.3:a:wsn:links:4.0.35:*:*:*:*:*:*:*
    • cpe:2.3:a:wsn:links:4.0.36:*:*:*:*:*:*:*
    • cpe:2.3:a:wsn:links:4.0.37:*:*:*:*:*:*:*
    • cpe:2.3:a:wsn:links:4.0.38:*:*:*:*:*:*:*
    • cpe:2.3:a:wsn:links:4.0.39:*:*:*:*:*:*:*
    • cpe:2.3:a:wsn:links:4.0.40:*:*:*:*:*:*:*
    • cpe:2.3:a:wsn:links:4.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:wsn:links:4.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:wsn:links:4.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:wsn:links:4.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:wsn:links:4.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:wsn:links:4.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:wsn:links:4.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:wsn:links:4.0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:wsn:links:4.0.8:*:*:*:*:*:*:*
    • cpe:2.3:a:wsn:links:4.0.9:*:*:*:*:*:*:*
    • cpe:2.3:a:wsn:links:4.0.10:*:*:*:*:*:*:*
    • cpe:2.3:a:wsn:links:4.0.11:*:*:*:*:*:*:*
    • cpe:2.3:a:wsn:links:4.0.12:*:*:*:*:*:*:*
    • cpe:2.3:a:wsn:links:4.0.13:*:*:*:*:*:*:*
    • cpe:2.3:a:wsn:links:4.0.14:*:*:*:*:*:*:*
    • cpe:2.3:a:wsn:links:4.0.15:*:*:*:*:*:*:*
    • cpe:2.3:a:wsn:links:4.0.16:*:*:*:*:*:*:*
    • cpe:2.3:a:wsn:links:4.0.17:*:*:*:*:*:*:*
    • cpe:2.3:a:wsn:links:4.0.18:*:*:*:*:*:*:*
    • cpe:2.3:a:wsn:links:4.0.19:*:*:*:*:*:*:*
    • cpe:2.3:a:wsn:links:4.0.20:*:*:*:*:*:*:*
    • cpe:2.3:a:wsn:links:4.0.21:*:*:*:*:*:*:*
    • cpe:2.3:a:wsn:links:4.0.22:*:*:*:*:*:*:*
    • cpe:2.3:a:wsn:links:4.0.23:*:*:*:*:*:*:*
    • cpe:2.3:a:wsn:links:4.0.24:*:*:*:*:*:*:*
    • cpe:2.3:a:wsn:links:4.0.25:*:*:*:*:*:*:*
    • cpe:2.3:a:wsn:links:4.0.26:*:*:*:*:*:*:*
    • cpe:2.3:a:wsn:links:4.0.27:*:*:*:*:*:*:*
    • cpe:2.3:a:wsn:links:4.0.28:*:*:*:*:*:*:*
    • cpe:2.3:a:wsn:links:4.0.29:*:*:*:*:*:*:*
    • cpe:2.3:a:wsn:links:4.0.41:*:*:*:*:*:*:*
    • cpe:2.3:a:wsn:links:4.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:wsn:links:4.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:wsn:links:4.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:wsn:links:4.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:wsn:links:4.1.4:*:*:*:*:*:*:*
    • cpe:2.3:a:wsn:links:4.1.5:*:*:*:*:*:*:*
    • cpe:2.3:a:wsn:links:4.1.6:*:*:*:*:*:*:*
    • cpe:2.3:a:wsn:links:4.1.7:*:*:*:*:*:*:*
    • cpe:2.3:a:wsn:links:4.1.8:*:*:*:*:*:*:*
    • cpe:2.3:a:wsn:links:4.1.9:*:*:*:*:*:*:*
    • cpe:2.3:a:wsn:links:4.1.10:*:*:*:*:*:*:*
    • cpe:2.3:a:wsn:links:4.1.11:*:*:*:*:*:*:*
    • cpe:2.3:a:wsn:links:4.1.12:*:*:*:*:*:*:*
    • cpe:2.3:a:wsn:links:4.1.13:*:*:*:*:*:*:*
    • cpe:2.3:a:wsn:links:4.1.14:*:*:*:*:*:*:*
    • cpe:2.3:a:wsn:links:4.1.15:*:*:*:*:*:*:*
    • cpe:2.3:a:wsn:links:4.1.16:*:*:*:*:*:*:*
    • cpe:2.3:a:wsn:links:4.1.17:*:*:*:*:*:*:*
    • cpe:2.3:a:wsn:links:4.1.18:*:*:*:*:*:*:*
    • cpe:2.3:a:wsn:links:4.1.19:*:*:*:*:*:*:*
    • cpe:2.3:a:wsn:links:4.1.20:*:*:*:*:*:*:*
    • cpe:2.3:a:wsn:links:4.1.21:*:*:*:*:*:*:*
    • cpe:2.3:a:wsn:links:4.1.22:*:*:*:*:*:*:*
    • cpe:2.3:a:wsn:links:4.1.23:*:*:*:*:*:*:*
    • cpe:2.3:a:wsn:links:4.1.24:*:*:*:*:*:*:*
    • cpe:2.3:a:wsn:links:4.1.25:*:*:*:*:*:*:*
    • cpe:2.3:a:wsn:links:4.1.26:*:*:*:*:*:*:*
    • cpe:2.3:a:wsn:links:4.1.27:*:*:*:*:*:*:*
    • cpe:2.3:a:wsn:links:4.1.28:*:*:*:*:*:*:*
    • cpe:2.3:a:wsn:links:4.1.29:*:*:*:*:*:*:*
    • cpe:2.3:a:wsn:links:4.1.30:*:*:*:*:*:*:*
    • cpe:2.3:a:wsn:links:4.1.31:*:*:*:*:*:*:*
    • cpe:2.3:a:wsn:links:4.1.32:*:*:*:*:*:*:*
    • cpe:2.3:a:wsn:links:4.1.33:*:*:*:*:*:*:*
    • cpe:2.3:a:wsn:links:4.1.34:*:*:*:*:*:*:*
    • cpe:2.3:a:wsn:links:4.1.35:*:*:*:*:*:*:*
    • cpe:2.3:a:wsn:links:4.1.36:*:*:*:*:*:*:*
    • cpe:2.3:a:wsn:links:4.1.37:*:*:*:*:*:*:*
    • cpe:2.3:a:wsn:links:4.1.38:*:*:*:*:*:*:*
    • cpe:2.3:a:wsn:links:4.1.39:*:*:*:*:*:*:*
    • cpe:2.3:a:wsn:links:4.1.40:*:*:*:*:*:*:*
    • cpe:2.3:a:wsn:links:4.1.41:*:*:*:*:*:*:*
    • cpe:2.3:a:wsn:links:4.1.42:*:*:*:*:*:*:*
    • cpe:2.3:a:wsn:links:4.1.43:*:*:*:*:*:*:*
    • cpe:2.3:a:wsn:links:4.1.44:*:*:*:*:*:*:*
  • Wsn/Forum
    cpe:2.3:a:wsn:forum:*:*:*:*:*:*:*:*
    Range: <=4.1.43
  • Wsn/Gallery
    cpe:2.3:a:wsn:gallery:*:*:*:*:*:*:*:*
    Range: <=4.1.30
  • Wsn/Knowledge Base
    cpe:2.3:a:wsn:knowledge_base:*:*:*:*:*:*:*:*
    Range: <=4.1.36

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

4

News mentions

0

No linked articles in our index yet.