Lucene search

[email protected]CVE-2008-7212

HistorySep 11, 2009 - 4:30 p.m.

CVE-2008-7212

2009-09-1116:30:00

CWE-264

[email protected]

web.nvd.nist.gov

mambo

mostlyce

vulnerability

cve-2008-7212

information security

7 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.007 Low

EPSS

Percentile

80.8%

JSON

MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to obtain sensitive information via certain requests to mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php, which reveals the installation path in an error message.

CPENameOperatorVersion
mambo-foundation:mambomambo-foundation mambole4.6.3
mambo-foundation:mambomambo-foundation mamboeq4.6.2
brilaps:mostlycebrilaps mostlycele2.0

CPE	Name	Operator	Version
mambo-foundation:mambo	mambo-foundation mambo	le	4.6.3
mambo-foundation:mambo	mambo-foundation mambo	eq	4.6.2
brilaps:mostlyce	brilaps mostlyce	le	2.0

References

archives.neohapsis.com/archives/bugtraq/2008-02/0444.html

forum.mambo-foundation.org/showthread.php?t=10158

osvdb.org/42529

secunia.com/advisories/28670

www.bugreport.ir/index_33.htm

www.securityfocus.com/archive/1/487128/100/200/threaded

www.vupen.com/english/advisories/2008/0325

exchange.xforce.ibmcloud.com/vulnerabilities/39983

7 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.007 Low

EPSS

Percentile

80.8%

JSON

Related for CVE-2008-7212

prion1 cvelist1