CVE-2008-3385

CVSS 6.8 - MEDIUM

Description

Directory traversal vulnerability in include/head_chat.inc.php in php Help Agent 1.0 and 1.1 Full allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the content parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.

Affected Products

2

Vendor	Product	Version
linuxwebshop	php_help_agent	`1.0`
linuxwebshop	php_help_agent	`1.1`

References

http://secunia.com/advisories/31099

http://securityreason.com/securityalert/4074

http://www.securityfocus.com/bid/30240

https://exchange.xforce.ibmcloud.com/vulnerabiliti...

https://www.exploit-db.com/exploits/6080

http://secunia.com/advisories/31099

http://securityreason.com/securityalert/4074

http://www.securityfocus.com/bid/30240

https://exchange.xforce.ibmcloud.com/vulnerabiliti...

https://www.exploit-db.com/exploits/6080

Weakness Types

CWE-22

CVE Information

CVE ID:: CVE-2008-3385
Published:: 2008-07-30
Modified:: 2026-04-23
CVSS Score:: 6.8
Severity:: MEDIUM
Vector:: AV:N/AC:M/Au:N/C:P/I:P/A:P

Affected Vendors

linuxwebshop

Quick Actions

View on NVD Find Similar CVEs

CVSS Severity Scale

0.0 - 3.9 LOW

4.0 - 6.9 MEDIUM

7.0 - 8.9 HIGH

9.0 - 10.0 CRITICAL