Lucene search

[email protected]CVE-2008-7090

HistoryAug 26, 2009 - 2:24 p.m.

CVE-2008-7090

2009-08-2614:24:17

CWE-22

[email protected]

web.nvd.nist.gov

172

cve-2008-7090

directory traversal

pligg

remote attackers

trackback.php

settemplate.php

nvd

7.1 High

AI Score

Confidence

Low

7.8 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

0.007 Low

EPSS

Percentile

79.5%

JSON

Multiple directory traversal vulnerabilities in Pligg 9.9 and earlier allow remote attackers to (1) determine the existence of arbitrary files via a … (dot dot) in the $tb_url variable in trackback.php, or (2) include arbitrary files via a … (dot dot) in the template parameter to settemplate.php.

Affected configurations

NVD

Node

pliggpligg_cmsRange≤9.9

pliggpligg_cmsMatch9.5

CPENameOperatorVersion
pligg:pligg_cmspligg pligg cmsle9.9
pligg:pligg_cmspligg pligg cmseq9.5

CPE	Name	Operator	Version
pligg:pligg_cms	pligg pligg cms	le	9.9
pligg:pligg_cms	pligg pligg cms	eq	9.5

References

www.gulftech.org/?node=research&article_id=00120-07312008

www.osvdb.org/50187

www.osvdb.org/50188

www.securityfocus.com/archive/1/494987/100/0/threaded

www.securityfocus.com/bid/30458

exchange.xforce.ibmcloud.com/vulnerabilities/44190

exchange.xforce.ibmcloud.com/vulnerabilities/44191

www.exploit-db.com/exploits/6173

7.1 High

AI Score

Confidence

Low

7.8 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

0.007 Low

EPSS

Percentile

79.5%

JSON

Related for CVE-2008-7090

prion1 cvelist1 nessus1 nvd1