Lucene search
HistoryJan 09, 2008 - 12:46 a.m.
CVE-2008-0148
tutos 1.3
remote attackers
shell commands
cmd parameter
7.6 High
AI Score
Confidence
High
10 High
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.004 Low
EPSS
Percentile
74.8%
TUTOS 1.3 does not restrict access to php/admin/cmd.php, which allows remote attackers to execute arbitrary shell commands via the cmd parameter in a direct request.
Affected configurations
Node
tutostutosMatch1.3
| CPE | Name | Operator | Version |
|---|---|---|---|
| tutos:tutos | tutos | eq | 1.3 |
Related
prion
prion
Server side request forgery (ssrf)
2008-01-09 00:46:00
cvelist
cvelist
CVE-2008-0148
2008-01-09 00:00:00
nvd
nvd
CVE-2008-0148
2008-01-09 00:46:00
ubuntucve
ubuntucve
CVE-2008-0148
2008-01-09 00:00:00
7.6 High
AI Score
Confidence
High
10 High
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.004 Low
EPSS
Percentile
74.8%
Related for CVE-2008-0148