Lucene search

[email protected]CVE-2008-2028

HistoryApr 30, 2008 - 4:17 p.m.

CVE-2008-2028

2008-04-3016:17:00

CWE-200

[email protected]

web.nvd.nist.gov

cve-2008-2028

minibb

path disclosure

register_globals

security vulnerability

nvd

6.6 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.004 Low

EPSS

Percentile

72.9%

JSON

miniBB 2.2, and possibly earlier, when register_globals is enabled, allows remote attackers to obtain the full path via a direct request to the glang parameter in a registernew action to index.php, which leaks the path in an error message.

Affected configurations

NVD

Node

minibbminibbRange≤2.2

CPENameOperatorVersion
minibb:minibbminibble2.2

CPE	Name	Operator	Version
minibb:minibb	minibb	le	2.2

References

secunia.com/advisories/29997/

www.minibb.net/forums/9_5110_0.html

exchange.xforce.ibmcloud.com/vulnerabilities/42012

www.exploit-db.com/exploits/5494

6.6 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.004 Low

EPSS

Percentile

72.9%

JSON

Related for CVE-2008-2028

prion1 cvelist1 nvd1