Lucene search

[email protected]CVE-2008-0478

HistoryJan 29, 2008 - 8:00 p.m.

CVE-2008-0478

2008-01-2920:00:00

CWE-22

[email protected]

web.nvd.nist.gov

cve

2008

0478

directory traversal

setcms 3.6.5

remote attackers

arbitrary local files

php sequences

nvd

security vulnerability

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.2 High

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

82.2%

JSON

Directory traversal vulnerability in index.php in SetCMS 3.6.5 allows remote attackers to include and execute arbitrary local files via a … (dot dot) in the set parameter, as demonstrated by sending a certain CLIENT_IP HTTP header in an enter action to index.php, and injecting PHP sequences into files/enter.set, which is then included by index.php.

Affected configurations

NVD

Node

setcmssetcmsMatch3.6.5

CPENameOperatorVersion
setcms:setcmssetcmseq3.6.5

CPE	Name	Operator	Version
setcms:setcms	setcms	eq	3.6.5

References

www.securityfocus.com/bid/27407

exchange.xforce.ibmcloud.com/vulnerabilities/39864

www.exploit-db.com/exploits/4962

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.2 High

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

82.2%

JSON

Related for CVE-2008-0478

prion1 cvelist1 nvd1