Lucene search

[email protected]CVE-2008-2820

HistoryJun 23, 2008 - 5:41 p.m.

CVE-2008-2820

2008-06-2317:41:00

CWE-22

[email protected]

web.nvd.nist.gov

cve-2008-2820

directory traversal

open azimyt cms

remote attackers

arbitrary local files

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

7.2 High

AI Score

Confidence

High

0.026 Low

EPSS

Percentile

90.3%

JSON

Directory traversal vulnerability in lang/lang-system.php in Open Azimyt CMS 0.22 minimal and 0.21 stable allows remote attackers to include and execute arbitrary local files via a … (dot dot) in the lang parameter.

Affected configurations

NVD

Node

azimytopen_azimyt_cmsMatch0.21_stable

azimytopen_azimyt_cmsMatch0.22_minimal

CPENameOperatorVersion
azimyt:open_azimyt_cmsazimyt open azimyt cmseq0.21_stable
azimyt:open_azimyt_cmsazimyt open azimyt cmseq0.22_minimal

CPE	Name	Operator	Version
azimyt:open_azimyt_cms	azimyt open azimyt cms	eq	0.21_stable
azimyt:open_azimyt_cms	azimyt open azimyt cms	eq	0.22_minimal

References

open-azimyt-cms.googlecode.com/files/security_patch.zip

secunia.com/advisories/30691

securityreason.com/securityalert/3955

www.securityfocus.com/archive/1/493377/100/0/threaded

www.securityfocus.com/bid/29756

exchange.xforce.ibmcloud.com/vulnerabilities/43102

www.exploit-db.com/exploits/5831

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

7.2 High

AI Score

Confidence

High

0.026 Low

EPSS

Percentile

90.3%

JSON

Related for CVE-2008-2820

prion1 nvd1 cvelist1