Lucene search

MitreCVE-2008-7254

HistoryApr 07, 2010 - 6:30 p.m.

CVE-2008-7254

2010-04-0718:30:00

CWE-22

mitre

web.nvd.nist.gov

cve-2008-7254

directory traversal

irmin cms

remote attackers

arbitrary files

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.5

Confidence

Low

EPSS

0.004

Percentile

75.1%

JSON

Directory traversal vulnerability in includes/template-loader.php in Irmin CMS (formerly Pepsi CMS) 0.5 and 0.6 BETA2, when register_globals is enabled, allows remote attackers to include and execute arbitrary files via a … (dot dot) in the _Root_Path parameter. NOTE: some of these details are obtained from third party information.

Affected configurations

Nvd

Node

ermenegildo_fioritoirmin_cmsMatch0.5

ermenegildo_fioritoirmin_cmsMatch0.6beta2

VendorProductVersionCPE
ermenegildo_fioritoirmin_cms0.5cpe:2.3:a:ermenegildo_fiorito:irmin_cms:0.5:*:*:*:*:*:*:*
ermenegildo_fioritoirmin_cms0.6cpe:2.3:a:ermenegildo_fiorito:irmin_cms:0.6:beta2:*:*:*:*:*:*

Vendor	Product	Version	CPE
ermenegildo_fiorito	irmin_cms	0.5	cpe:2.3:a:ermenegildo_fiorito:irmin_cms:0.5:::::::*
ermenegildo_fiorito	irmin_cms	0.6	cpe:2.3:a:ermenegildo_fiorito:irmin_cms:0.6:beta2::::::

References

osvdb.org/63348

packetstormsecurity.org/0808-exploits/pepsicms-rfi.txt

secunia.com/advisories/39214

www.exploit-db.com/exploits/11938

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.5

Confidence

Low

EPSS

0.004

Percentile

75.1%

JSON

Related for CVE-2008-7254