Lucene search

[email protected]CVE-2008-2974

HistoryJul 02, 2008 - 5:14 p.m.

CVE-2008-2974

2008-07-0217:14:00

CWE-22

[email protected]

web.nvd.nist.gov

cve

2008

2974

directory traversal

mm chat

vulnerability

remote attack

local files

parameter

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.2 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

78.8%

JSON

Directory traversal vulnerability in chatconfig.php in MM Chat 1.5, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the currentlang parameter.

Affected configurations

NVD

Node

mm_chatmm_chatMatch1.5

CPENameOperatorVersion
mm_chat:mm_chatmm chateq1.5

CPE	Name	Operator	Version
mm_chat:mm_chat	mm chat	eq	1.5

References

www.securityfocus.com/bid/29910

exchange.xforce.ibmcloud.com/vulnerabilities/43327

www.exploit-db.com/exploits/5919

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.2 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

78.8%

JSON

Related for CVE-2008-2974

cvelist1 nvd1 prion1