Lucene search

[email protected]CVE-2008-4490

HistoryOct 08, 2008 - 2:00 a.m.

CVE-2008-4490

2008-10-0802:00:01

CWE-22

[email protected]

web.nvd.nist.gov

cve

directory traversal

vulnerability

phpabook

nvd

security

magic quotes

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

7.1 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.8%

JSON

Directory traversal vulnerability in config.inc.php in phpAbook 0.8.8b and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a … (dot dot) in the userInfo cookie.

Affected configurations

NVD

Node

phpabookphpabookRange≤0.8.8b

phpabookphpabookMatch0.8.4b

phpabookphpabookMatch0.8.6b

phpabookphpabookMatch0.8.7b

CPENameOperatorVersion
phpabook:phpabookphpabookle0.8.8b
phpabook:phpabookphpabookeq0.8.4b
phpabook:phpabookphpabookeq0.8.6b
phpabook:phpabookphpabookeq0.8.7b

CPE	Name	Operator	Version
phpabook:phpabook	phpabook	le	0.8.8b
phpabook:phpabook	phpabook	eq	0.8.4b
phpabook:phpabook	phpabook	eq	0.8.6b
phpabook:phpabook	phpabook	eq	0.8.7b

References

securityreason.com/securityalert/4364

www.securityfocus.com/bid/31581

exchange.xforce.ibmcloud.com/vulnerabilities/45680

www.exploit-db.com/exploits/6679

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

7.1 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.8%

JSON

Related for CVE-2008-4490

cvelist1 prion1 nvd1