Lucene search

K
cve[email protected]CVE-2008-1371
HistoryMar 18, 2008 - 5:44 p.m.

CVE-2008-1371

2008-03-1817:44:00
CWE-22
web.nvd.nist.gov
20
cve-2008-1371
absolute path traversal
vulnerability
drake cms
remote attackers
arbitrary files
nvd

CVSS2

3.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:P/A:N

AI Score

7

Confidence

High

EPSS

0.004

Percentile

73.1%

Absolute path traversal vulnerability in install/index.php in Drake CMS 0.4.11 RC8 allows remote attackers to read and execute arbitrary files via a full pathname in the d_root parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Affected configurations

NVD
Node
drake_teamdrake_cmsMatch0.4.11_rc8
VendorProductVersionCPE
drake_teamdrake_cms0.4.11+rc8cpe:/a:drake_team:drake_cms:0.4.11+rc8:::

CVSS2

3.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:P/A:N

AI Score

7

Confidence

High

EPSS

0.004

Percentile

73.1%

Related for CVE-2008-1371