Lucene search

[email protected]CVE-2008-2459

HistoryMay 27, 2008 - 2:32 p.m.

CVE-2008-2459

2008-05-2714:32:00

CWE-22

[email protected]

web.nvd.nist.gov

cve-2008-2459

directory traversal

entertainmentscript 1.4.0

remote attackers

arbitrary local files

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.2 High

AI Score

Confidence

High

0.018 Low

EPSS

Percentile

88.2%

JSON

Directory traversal vulnerability in page.php in EntertainmentScript 1.4.0 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the page parameter.

Affected configurations

NVD

Node

entertainmentscriptentertainmentscriptMatch1.4.0

CPENameOperatorVersion
entertainmentscript:entertainmentscriptentertainmentscripteq1.4.0

CPE	Name	Operator	Version
entertainmentscript:entertainmentscript	entertainmentscript	eq	1.4.0

References

secunia.com/advisories/30311

www.securityfocus.com/bid/29306

exchange.xforce.ibmcloud.com/vulnerabilities/42540

www.exploit-db.com/exploits/5655

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.2 High

AI Score

Confidence

High

0.018 Low

EPSS

Percentile

88.2%

JSON

Related for CVE-2008-2459

prion1 cvelist1 nvd1