Lucene search

[email protected]CVE-2008-2672

HistoryJun 12, 2008 - 2:32 a.m.

CVE-2008-2672

2008-06-1202:32:00

CWE-22

[email protected]

web.nvd.nist.gov

cve

2008

2672

directory traversal

vulnerabilities

erfurtwiki

register_globals

remote attackers

arbitrary local files

include

execute

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.4 High

AI Score

Confidence

Low

0.022 Low

EPSS

Percentile

89.5%

JSON

Multiple directory traversal vulnerabilities in ErfurtWiki R1.02b and earlier, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a … (dot dot) in the (1) ewiki_id and (2) ewiki_action parameters to fragments/css.php, and possibly the (3) id parameter to the default URI. NOTE: the default URI is site-specific but often performs an include_once of ewiki.php.

Affected configurations

NVD

Node

erfurtwikierfurtwikiRange≤r1.02b

CPENameOperatorVersion
erfurtwiki:erfurtwikierfurtwikiler1.02b

CPE	Name	Operator	Version
erfurtwiki:erfurtwiki	erfurtwiki	le	r1.02b

References

chroot.org/exploits/chroot_uu_007

securityreason.com/securityalert/3936

www.securityfocus.com/archive/1/493219/100/0/threaded

www.securityfocus.com/bid/29628

exchange.xforce.ibmcloud.com/vulnerabilities/42981

www.exploit-db.com/exploits/5771

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.4 High

AI Score

Confidence

Low

0.022 Low

EPSS

Percentile

89.5%

JSON

Related for CVE-2008-2672

nvd1 prion1 cvelist1