Lucene search

[email protected]CVE-2008-0458

HistoryJan 25, 2008 - 4:00 p.m.

CVE-2008-0458

2008-01-2516:00:00

CWE-22

[email protected]

web.nvd.nist.gov

cve

2008

0458

directory traversal

vulnerability

slaed cms 2.5 lite

remote attackers

arbitrary execution

local files

7.9 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.018 Low

EPSS

Percentile

88.0%

JSON

Directory traversal vulnerability in function/sources.php in SLAED CMS 2.5 Lite allows remote attackers to include and execute arbitrary local files via a … (dot dot) in the newlang parameter to index.php.

CPENameOperatorVersion
slaed:slaed_cmsslaed slaed cmseq2.5_lite

CPE	Name	Operator	Version
slaed:slaed_cms	slaed slaed cms	eq	2.5_lite

References

www.securityfocus.com/bid/27426

www.vupen.com/english/advisories/2008/0308

exchange.xforce.ibmcloud.com/vulnerabilities/39897

www.exploit-db.com/exploits/4975

7.9 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.018 Low

EPSS

Percentile

88.0%

JSON

Related for CVE-2008-0458

cvelist1 prion1