Lucene search

[email protected]CVE-2010-0958

HistoryMar 10, 2010 - 8:14 p.m.

CVE-2010-0958

2010-03-1020:14:34

CWE-22

[email protected]

web.nvd.nist.gov

cve-2010-0958

directory traversal

vulnerability

tribisur 2.1

remote execution

magic quotes

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.5 High

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

79.9%

JSON

Directory traversal vulnerability in modules/hayoo/index.php in Tribisur 2.1, 2.0, and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary files via directory traversal sequences in the theme parameter. NOTE: some of these details are obtained from third party information.

Affected configurations

NVD

Node

thomas_pereztribisurRange≤2.1

thomas_pereztribisurMatch2.0

CPENameOperatorVersion
thomas_perez:tribisurthomas perez tribisurle2.1
thomas_perez:tribisurthomas perez tribisureq2.0

CPE	Name	Operator	Version
thomas_perez:tribisur	thomas perez tribisur	le	2.1
thomas_perez:tribisur	thomas perez tribisur	eq	2.0

References

packetstormsecurity.org/1003-exploits/tribisur-lfi.txt

secunia.com/advisories/28362

www.exploit-db.com/exploits/11655

www.securityfocus.com/bid/38596

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.5 High

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

79.9%

JSON

Related for CVE-2010-0958

prion1 openvas1 nvd1 cvelist1