Lucene search

[email protected]CVE-2008-6981

HistoryAug 19, 2009 - 5:24 a.m.

CVE-2008-6981

2009-08-1905:24:52

CWE-200

[email protected]

web.nvd.nist.gov

phpadultsite

cms

remote attackers

security vulnerability

path leakage

sql injection

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.8 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

52.0%

JSON

index.php in phpAdultSite CMS, possibly 2.3.2, allows remote attackers to obtain the full installation path via an invalid results_per_page parameter, which leaks the path in an error message. NOTE: this issue might be resultant from a separate SQL injection vulnerability.

Affected configurations

NVD

Node

phpadultsitephpadultsite_cmsMatch2.3.2

CPENameOperatorVersion
phpadultsite:phpadultsite_cmsphpadultsite phpadultsite cmseq2.3.2

CPE	Name	Operator	Version
phpadultsite:phpadultsite_cms	phpadultsite phpadultsite cms	eq	2.3.2

References

www.davidsopas.com/2008/09/phpadult-cms-exploit/

www.securityfocus.com/archive/1/496069/100/0/threaded

exchange.xforce.ibmcloud.com/vulnerabilities/44924

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.8 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

52.0%

JSON

Related for CVE-2008-6981

prion1 cvelist1 nvd1