Lucene search

[email protected]CVE-2008-1042

HistoryFeb 27, 2008 - 7:44 p.m.

CVE-2008-1042

2008-02-2719:44:00

CWE-22

[email protected]

web.nvd.nist.gov

cve-2008-1042

linux web shop

php download manager

vulnerability

directory traversal

remote attackers

nvd

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.1 High

AI Score

Confidence

High

0.018 Low

EPSS

Percentile

88.2%

JSON

Directory traversal vulnerability in include/body.inc.php in Linux Web Shop (LWS) php Download Manager 1.0 and 1.1 allows remote attackers to include and execute arbitrary local files via a … (dot dot) in the content parameter.

Affected configurations

NVD

Node

linux_web_shopphp_download_managerRange≤1.1

CPENameOperatorVersion
linux_web_shop:php_download_managerlinux web shop php download managerle1.1

CPE	Name	Operator	Version
linux_web_shop:php_download_manager	linux web shop php download manager	le	1.1

References

secunia.com/advisories/29089

www.securityfocus.com/bid/27961

exchange.xforce.ibmcloud.com/vulnerabilities/40795

www.exploit-db.com/exploits/5183

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.1 High

AI Score

Confidence

High

0.018 Low

EPSS

Percentile

88.2%

JSON

Related for CVE-2008-1042

nvd1 prion1 cvelist1