FreeWebShop.Local.File.Include.Vulnerability
Description
FreeWebShop is a free and powerful software to enable quick development of a web shop.
Directory traversal vulnerability in includes/startmodules.inc.php in FreeWebshop.org 2.2.9 R2, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang_file parameter. (CVE-2009-2338)
Affected Products
FreeWebshop before and including 2.2.9 R2
Impact
The vulnerability could allow remote attackers to include and execute arbitrary local files locating in the target system.
Recommended Actions
Currently there are no vendor supplied patches or update available.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |