Lucene search

[email protected]CVE-2008-2863

HistoryJun 25, 2008 - 12:36 p.m.

CVE-2008-2863

2008-06-2512:36:00

CWE-22

[email protected]

web.nvd.nist.gov

cve-2008-2863

elinestudio

site composer

esc 2.6

path traversal

vulnerability

remote attack

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.9 Medium

AI Score

Confidence

Low

0.018 Low

EPSS

Percentile

88.2%

JSON

Multiple absolute path traversal vulnerabilities in eLineStudio Site Composer (ESC) 2.6 allow remote attackers to create or delete arbitrary directories via a full pathname in the inpCurrFolder parameter to (1) folderdel_.asp or (2) foldernew.asp in cms/assetmanager/.

Affected configurations

NVD

Node

elinestudiosite_composerRange≤2.6

CPENameOperatorVersion
elinestudio:site_composerelinestudio site composerle2.6

CPE	Name	Operator	Version
elinestudio:site_composer	elinestudio site composer	le	2.6

References

secunia.com/advisories/30762

securityreason.com/securityalert/3957

www.bugreport.ir/?/45

www.securityfocus.com/archive/1/493473/100/0/threaded

www.securityfocus.com/bid/29812

exchange.xforce.ibmcloud.com/vulnerabilities/43193

www.exploit-db.com/exploits/5859

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.9 Medium

AI Score

Confidence

Low

0.018 Low

EPSS

Percentile

88.2%

JSON

Related for CVE-2008-2863

cvelist1 prion2 nvd2 cve1