Lucene search

[email protected]CVE-2008-6012

HistoryJan 30, 2009 - 6:30 p.m.

CVE-2008-6012

2009-01-3018:30:05

CWE-22

[email protected]

web.nvd.nist.gov

cve-2008-6012

directory traversal

vulnerability

pritlog

nvd

security

remote attackers

magic quotes gpc

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

6.9 Medium

AI Score

Confidence

Low

0.026 Low

EPSS

Percentile

90.4%

JSON

Directory traversal vulnerability in index.php in Pritlog 0.4 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a … (dot dot) in the filename parameter in a viewEntry action.

Affected configurations

NVD

Node

hardkappritlogRange≤0.4

hardkappritlogMatch0.2

hardkappritlogMatch0.3

CPENameOperatorVersion
hardkap:pritloghardkap pritlogle0.4
hardkap:pritloghardkap pritlogeq0.2
hardkap:pritloghardkap pritlogeq0.3

CPE	Name	Operator	Version
hardkap:pritlog	hardkap pritlog	le	0.4
hardkap:pritlog	hardkap pritlog	eq	0.2
hardkap:pritlog	hardkap pritlog	eq	0.3

References

secunia.com/advisories/31915

www.securityfocus.com/bid/31503

exchange.xforce.ibmcloud.com/vulnerabilities/45551

www.exploit-db.com/exploits/6639

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

6.9 Medium

AI Score

Confidence

Low

0.026 Low

EPSS

Percentile

90.4%

JSON

Related for CVE-2008-6012

prion1 nvd1 cvelist1