Lucene search

[email protected]CVE-2008-4667

HistoryOct 22, 2008 - 10:30 a.m.

CVE-2008-4667

2008-10-2210:30:01

CWE-22

[email protected]

web.nvd.nist.gov

cve

2008

4667

directory traversal

arabcms

remote attack

vulnerability

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.1 High

AI Score

Confidence

High

0.018 Low

EPSS

Percentile

88.2%

JSON

Directory traversal vulnerability in rss.php in ArabCMS 2.0 beta 1 allows remote attackers to include and execute arbitrary local files via a … (dot dot) in the rss parameter.

Affected configurations

NVD

Node

arabcmsarabcmsMatch2.0beta1

CPENameOperatorVersion
arabcms:arabcmsarabcmseq2.0

CPE	Name	Operator	Version
arabcms:arabcms	arabcms	eq	2.0

References

securityreason.com/securityalert/4468

www.securityfocus.com/bid/31480

www.vupen.com/english/advisories/2008/2697

exchange.xforce.ibmcloud.com/vulnerabilities/45514

www.exploit-db.com/exploits/6628

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.1 High

AI Score

Confidence

High

0.018 Low

EPSS

Percentile

88.2%

JSON

Related for CVE-2008-4667

cvelist1 prion1 nvd1