Lucene search

[email protected]NVD:CVE-2008-2044

HistoryMay 01, 2008 - 7:05 p.m.

CVE-2008-2044

2008-05-0119:05:00

CWE-94

[email protected]

web.nvd.nist.gov

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.9

Confidence

Low

EPSS

0.123

Percentile

95.4%

JSON

includes/library.php in netOffice Dwins 1.3 p2 compares the demoSession variable to the ‘true’ string literal instead of the true boolean literal, which allows remote attackers to bypass authentication and execute arbitrary code by setting this variable to 1, as demonstrated by uploading a PHP script via an add action to projects_site/uploadfile.php.

Affected configurations

Nvd

Node

netofficedwinsMatch1.3

VendorProductVersionCPE
netofficedwins1.3cpe:2.3:a:netoffice:dwins:1.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
netoffice	dwins	1.3	cpe:2.3:a:netoffice:dwins:1.3:::::::*

References

netofficedwins.sourceforge.net/modules/news/article.php?storyid=47

secunia.com/advisories/29193

securityreason.com/securityalert/3845

sourceforge.net/forum/forum.php?forum_id=814851

www.securityfocus.com/archive/1/488958

www.securityfocus.com/archive/1/491542/100/0/threaded

www.securityfocus.com/bid/28051

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.9

Confidence

Low

EPSS

0.123

Percentile

95.4%

JSON

Related for NVD:CVE-2008-2044

exploitdb1 cvelist1 nessus1 cve1 prion1