Lucene search

[email protected]CVE-2008-5265

HistoryNov 28, 2008 - 7:00 p.m.

CVE-2008-5265

2008-11-2819:00:03

CWE-22

[email protected]

web.nvd.nist.gov

cve-2008-5265

directory traversal

remote code execution

tnt forum 0.9.4

nvd.

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.2 High

AI Score

Confidence

High

0.015 Low

EPSS

Percentile

87.1%

JSON

Directory traversal vulnerability in index.php in TNT Forum 0.9.4, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the modulo parameter.

Affected configurations

NVD

Node

tntforumtnt_forumMatch0.9.4

CPENameOperatorVersion
tntforum:tnt_forumtntforum tnt forumeq0.9.4

CPE	Name	Operator	Version
tntforum:tnt_forum	tntforum tnt forum	eq	0.9.4

References

secunia.com/advisories/30595

securityreason.com/securityalert/4656

www.securityfocus.com/bid/29645

exchange.xforce.ibmcloud.com/vulnerabilities/42978

www.exploit-db.com/exploits/5782

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.2 High

AI Score

Confidence

High

0.015 Low

EPSS

Percentile

87.1%

JSON

Related for CVE-2008-5265

cvelist1 nvd1 prion1