Lucene search

[email protected]CVE-2008-2483

HistoryMay 28, 2008 - 3:32 p.m.

CVE-2008-2483

2008-05-2815:32:00

CWE-22

[email protected]

web.nvd.nist.gov

cve-2008-2483

xomol cms

security vulnerability

directory traversal

nvd

remote code execution

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.1 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.9%

JSON

Directory traversal vulnerability in index.php in Xomol CMS 1.20071213 allows remote attackers to include and execute arbitrary local files via a … (dot dot) in the op parameter.

Affected configurations

NVD

Node

xomolxomol_cmsMatch1.20071213

CPENameOperatorVersion
xomol:xomol_cmsxomol xomol cmseq1.20071213

CPE	Name	Operator	Version
xomol:xomol_cms	xomol xomol cms	eq	1.20071213

References

secunia.com/advisories/30374

www.securityfocus.com/bid/29359

www.vupen.com/english/advisories/2008/1644/references

exchange.xforce.ibmcloud.com/vulnerabilities/42632

www.exploit-db.com/exploits/5673

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.1 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.9%

JSON

Related for CVE-2008-2483

cvelist1 nvd1 prion1