Lucene search

[email protected]CVE-2008-5948

HistoryJan 23, 2009 - 7:00 p.m.

CVE-2008-5948

2009-01-2319:00:00

CWE-22

[email protected]

web.nvd.nist.gov

cve

2008

5948

directory traversal

bncwi

vulnerability

index.php

remote attack

arbitrary file inclusion

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.3 High

AI Score

Confidence

Low

0.011 Low

EPSS

Percentile

84.7%

JSON

Directory traversal vulnerability in index.php in BNCwi 1.04 and earlier allows remote attackers to include and execute arbitrary local files via a … (dot dot) in the newlanguage parameter.

Affected configurations

NVD

Node

bncwibncwiRange≤1.04

bncwibncwiMatch1.03

CPENameOperatorVersion
bncwi:bncwibncwile1.04
bncwi:bncwibncwieq1.03

CPE	Name	Operator	Version
bncwi:bncwi	bncwi	le	1.04
bncwi:bncwi	bncwi	eq	1.03

References

secunia.com/advisories/32981

www.securityfocus.com/bid/32644

www.exploit-db.com/exploits/7345

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.3 High

AI Score

Confidence

Low

0.011 Low

EPSS

Percentile

84.7%

JSON

Related for CVE-2008-5948

cvelist1 prion1 nvd1