Lucene search

[email protected]CVE-2008-4894

HistoryNov 04, 2008 - 12:58 a.m.

CVE-2008-4894

2008-11-0400:58:39

CWE-22

[email protected]

web.nvd.nist.gov

cve-2008-4894

directory traversal

templates

php

security vulnerability

tribiq cms

7.2 High

AI Score

Confidence

High

5.1 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

79.2%

JSON

Directory traversal vulnerability in templates/mytribiqsite/tribal-GPL-1066/includes/header.inc.php in Tribiq CMS 5.0.10a, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the template_path parameter. NOTE: it was later reported that this issue also affects 5.0.12c.

Affected configurations

NVD

Node

tribiqtribiq_cmsMatch5.0.10a

CPENameOperatorVersion
tribiq:tribiq_cmstribiq tribiq cmseq5.0.10a

CPE	Name	Operator	Version
tribiq:tribiq_cms	tribiq tribiq cms	eq	5.0.10a

References

secunia.com/advisories/32548

www.securityfocus.com/bid/32018

exchange.xforce.ibmcloud.com/vulnerabilities/46264

www.exploit-db.com/exploits/6888

7.2 High

AI Score

Confidence

High

5.1 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

79.2%

JSON

Related for CVE-2008-4894

cvelist2 prion2 nvd2 cve1