Lucene search

K
cve[email protected]CVE-2008-5752
HistoryDec 30, 2008 - 5:30 p.m.

CVE-2008-5752

2008-12-3017:30:00
CWE-22
web.nvd.nist.gov
28
cve
2008
5752
directory traversal
vulnerability
getconfig.php
page flip image gallery
wordpress
magic_quotes_gpc
remote attackers
arbitrary files
dot dot
book_id parameter

6.7 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.017 Low

EPSS

Percentile

87.7%

Directory traversal vulnerability in getConfig.php in the Page Flip Image Gallery plugin 0.2.2 and earlier for WordPress, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a … (dot dot) in the book_id parameter. NOTE: some of these details are obtained from third party information.

Affected configurations

NVD
Node
wordpresspage_flip_image_gallery_pluginRange0.2.2
OR
wordpresspage_flip_image_gallery_pluginMatch0.1
OR
wordpresspage_flip_image_gallery_pluginMatch0.1.1
OR
wordpresspage_flip_image_gallery_pluginMatch0.1.3
OR
wordpresspage_flip_image_gallery_pluginMatch0.1.4
OR
wordpresspage_flip_image_gallery_pluginMatch0.1.6
OR
wordpresspage_flip_image_gallery_pluginMatch0.2.0
OR
wordpresspage_flip_image_gallery_pluginMatch0.2.1
AND
wordpresswordpress

6.7 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.017 Low

EPSS

Percentile

87.7%