Lucene search

MitreCVE-2008-0425

HistoryJan 23, 2008 - 10:00 p.m.

CVE-2008-0425

2008-01-2322:00:00

CWE-264

mitre

web.nvd.nist.gov

cve

2008

0425

absolute path traversal

explorerdir.php

frimousse 0.0.2

vulnerability

remote attackers

arbitrary files

arbitrary directories

full pathname

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.7

Confidence

Low

EPSS

0.012

Percentile

85.4%

JSON

Absolute path traversal vulnerability in explorerdir.php in Frimousse 0.0.2 allows remote attackers to read arbitrary files and list arbitrary directories via a full pathname in the name parameter.

Affected configurations

Nvd

Node

frimoussefrimousseMatch0.0.2

VendorProductVersionCPE
frimoussefrimousse0.0.2cpe:2.3:a:frimousse:frimousse:0.0.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
frimousse	frimousse	0.0.2	cpe:2.3:a:frimousse:frimousse:0.0.2:::::::*

References

www.securityfocus.com/bid/27385

www.vupen.com/english/advisories/2008/0216

exchange.xforce.ibmcloud.com/vulnerabilities/39797

www.exploit-db.com/exploits/4943

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.7

Confidence

Low

EPSS

0.012

Percentile

85.4%

JSON

Related for CVE-2008-0425