Lucene search

MitreCVE-2008-4894

HistoryNov 04, 2008 - 12:58 a.m.

CVE-2008-4894

2008-11-0400:58:39

CWE-22

mitre

web.nvd.nist.gov

cve-2008-4894

directory traversal

templates

php

security vulnerability

tribiq cms

CVSS2

5.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

AI Score

7.2

Confidence

High

EPSS

0.006

Percentile

79.3%

JSON

Directory traversal vulnerability in templates/mytribiqsite/tribal-GPL-1066/includes/header.inc.php in Tribiq CMS 5.0.10a, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the template_path parameter. NOTE: it was later reported that this issue also affects 5.0.12c.

Affected configurations

Nvd

Node

tribiqtribiq_cmsMatch5.0.10a

VendorProductVersionCPE
tribiqtribiq_cms5.0.10acpe:2.3:a:tribiq:tribiq_cms:5.0.10a:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
tribiq	tribiq_cms	5.0.10a	cpe:2.3:a:tribiq:tribiq_cms:5.0.10a:::::::*

References

secunia.com/advisories/32548

www.securityfocus.com/bid/32018

exchange.xforce.ibmcloud.com/vulnerabilities/46264

www.exploit-db.com/exploits/6888

CVSS2

5.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

AI Score

7.2

Confidence

High

EPSS

0.006

Percentile

79.3%

JSON

Related for CVE-2008-4894