FreeWebShop.Local.File.Include.Vulnerability

description-logoDescription

FreeWebShop is a free and powerful software to enable quick development of a web shop.
Directory traversal vulnerability in includes/startmodules.inc.php in FreeWebshop.org 2.2.9 R2, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang_file parameter. (CVE-2009-2338)

affected-products-logoAffected Products

FreeWebshop before and including 2.2.9 R2

Impact logoImpact

The vulnerability could allow remote attackers to include and execute arbitrary local files locating in the target system.

recomended-action-logoRecommended Actions

Currently there are no vendor supplied patches or update available.

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)