Lucene search

[email protected]CVE-2008-1371

HistoryMar 18, 2008 - 5:44 p.m.

CVE-2008-1371

2008-03-1817:44:00

CWE-22

[email protected]

web.nvd.nist.gov

cve-2008-1371

absolute path traversal

vulnerability

drake cms

remote attackers

arbitrary files

nvd

3.6 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:P/A:N

7 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.3%

JSON

Absolute path traversal vulnerability in install/index.php in Drake CMS 0.4.11 RC8 allows remote attackers to read and execute arbitrary files via a full pathname in the d_root parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Affected configurations

NVD

Node

drake_teamdrake_cmsMatch0.4.11_rc8

CPENameOperatorVersion
drake_team:drake_cmsdrake team drake cmseq0.4.11_rc8

CPE	Name	Operator	Version
drake_team:drake_cms	drake team drake cms	eq	0.4.11_rc8

References

www.securityfocus.com/bid/28165

www.securityfocus.com/bid/28165/exploit

exchange.xforce.ibmcloud.com/vulnerabilities/41345

3.6 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:P/A:N

7 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.3%

JSON

Related for CVE-2008-1371

cvelist1 prion1 nvd1