Lucene search

[email protected]CVE-2008-4632

HistoryOct 21, 2008 - 1:18 a.m.

CVE-2008-4632

2008-10-2101:18:02

CWE-22

[email protected]

web.nvd.nist.gov

cve

2008

4632

directory traversal

kure

security vulnerabilities

nvd

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.2 High

AI Score

Confidence

Low

0.017 Low

EPSS

Percentile

87.9%

JSON

Multiple directory traversal vulnerabilities in index.php in Kure 0.6.3, when magic_quotes_gpc is disabled, allow remote attackers to read and possibly execute arbitrary local files via a … (dot dot) in the (1) post and (2) doc parameters.

Affected configurations

NVD

Node

kurekureMatch0.6.3

CPENameOperatorVersion
kure:kurekureeq0.6.3

CPE	Name	Operator	Version
kure:kure	kure	eq	0.6.3

References

securityreason.com/securityalert/4445

www.securityfocus.com/bid/31785

exchange.xforce.ibmcloud.com/vulnerabilities/45927

www.exploit-db.com/exploits/6767

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.2 High

AI Score

Confidence

Low

0.017 Low

EPSS

Percentile

87.9%

JSON

Related for CVE-2008-4632

nvd1 cvelist1 prion1