Lucene search

[email protected]CVE-2008-1371

HistoryMar 18, 2008 - 5:44 p.m.

CVE-2008-1371

2008-03-1817:44:00

CWE-22

[email protected]

web.nvd.nist.gov

cve-2008-1371

absolute path traversal

vulnerability

drake cms

remote attackers

arbitrary files

nvd

CVSS2

3.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:P/A:N

AI Score

Confidence

High

EPSS

0.004

Percentile

73.1%

JSON

Absolute path traversal vulnerability in install/index.php in Drake CMS 0.4.11 RC8 allows remote attackers to read and execute arbitrary files via a full pathname in the d_root parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Affected configurations

NVD

Node

drake_teamdrake_cmsMatch0.4.11_rc8

VendorProductVersionCPE
drake_teamdrake_cms0.4.11+rc8cpe:/a:drake_team:drake_cms:0.4.11+rc8:::

Vendor	Product	Version	CPE
drake_team	drake_cms	0.4.11+rc8	cpe:/a:drake_team:drake_cms:0.4.11+rc8:::

References

www.securityfocus.com/bid/28165

www.securityfocus.com/bid/28165/exploit

exchange.xforce.ibmcloud.com/vulnerabilities/41345

CVSS2

3.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:P/A:N

AI Score

Confidence

High

EPSS

0.004

Percentile

73.1%

JSON

Related for CVE-2008-1371

cvelist1 prion1 nvd1