Lucene search

[email protected]CVE-2008-6290

HistoryFeb 26, 2009 - 4:17 p.m.

CVE-2008-6290

2009-02-2616:17:19

CWE-22

[email protected]

web.nvd.nist.gov

cve-2008-6290

directory traversal

includefile.php

niclor sito

remote attackers

arbitrary files

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.5 High

AI Score

Confidence

Low

0.009 Low

EPSS

Percentile

82.4%

JSON

Directory traversal vulnerability in includefile.php in nicLOR Sito, when register_globals is enabled or magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary files via a … (dot dot) in the page_file parameter.

Affected configurations

NVD

Node

niclorinclude_sitoMatch-

CPENameOperatorVersion
niclor:include_sitoniclor include sitoeq-

CPE	Name	Operator	Version
niclor:include_sito	niclor include sito	eq	-

References

secunia.com/advisories/32556

www.securityfocus.com/bid/32111

exchange.xforce.ibmcloud.com/vulnerabilities/46338

www.exploit-db.com/exploits/6990

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.5 High

AI Score

Confidence

Low

0.009 Low

EPSS

Percentile

82.4%

JSON

Related for CVE-2008-6290

cvelist1 nvd1 prion1