Lucene search

[email protected]CVE-2008-6659

HistoryApr 07, 2009 - 7:30 p.m.

CVE-2008-6659

2009-04-0719:30:00

CWE-22

[email protected]

web.nvd.nist.gov

cve-2008-6659

directory traversal

smf

remote code execution

vulnerability

6.9 Medium

AI Score

Confidence

Low

5.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

0.018 Low

EPSS

Percentile

88.2%

JSON

Directory traversal vulnerability in index.php in Simple Machines Forum (SMF) 1.0 before 1.0.15 and 1.1 before 1.1.7 allows remote authenticated users to configure arbitrary local files for execution via directory traversal sequences in the value of the theme_dir field during a jsoption action, related to Sources/QueryString.php and Sources/Themes.php, as demonstrated by a local .gif file in attachments/ with PHP code that was uploaded through a profile2 action to index.php.

CPENameOperatorVersion
simple_machines:simple_machines_forumsimple machines simple machines forumeq1.0.11
simple_machines:simple_machines_forumsimple machines simple machines forumeq1.1.5
simple_machines:simple_machines_forumsimple machines simple machines forumeq1.1.1
simple_machines:simple_machines_forumsimple machines simple machines forumeq1.0.7
simple_machines:simple_machines_forumsimple machines simple machines forumeq1.1.4
simple_machines:simple_machines_forumsimple machines simple machines forumeq1.1_rc1
simple_machines:simple_machines_forumsimple machines simple machines forumeq1.0.5
simple_machines:simple_machines_forumsimple machines simple machines forumeq1.1.6
simple_machines:simple_machines_forumsimple machines simple machines forumeq1.1_rc3
simple_machines:simple_machines_forumsimple machines simple machines forumeq1.1_rc2

CPE	Name	Operator	Version
simple_machines:simple_machines_forum	simple machines simple machines forum	eq	1.0.11
simple_machines:simple_machines_forum	simple machines simple machines forum	eq	1.1.5
simple_machines:simple_machines_forum	simple machines simple machines forum	eq	1.1.1
simple_machines:simple_machines_forum	simple machines simple machines forum	eq	1.0.7
simple_machines:simple_machines_forum	simple machines simple machines forum	eq	1.1.4
simple_machines:simple_machines_forum	simple machines simple machines forum	eq	1.1_rc1
simple_machines:simple_machines_forum	simple machines simple machines forum	eq	1.0.5
simple_machines:simple_machines_forum	simple machines simple machines forum	eq	1.1.6
simple_machines:simple_machines_forum	simple machines simple machines forum	eq	1.1_rc3
simple_machines:simple_machines_forum	simple machines simple machines forum	eq	1.1_rc2

Rows per page:

1-10 of 141

References

osvdb.org/50072

secunia.com/advisories/32516

www.securityfocus.com/bid/32139

www.simplemachines.org/community/index.php?topic=272861.0

www.exploit-db.com/exploits/7011

6.9 Medium

AI Score

Confidence

Low

5.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

0.018 Low

EPSS

Percentile

88.2%

JSON

Related for CVE-2008-6659

prion1 cvelist1 openvas2