Lucene search

[email protected]NVD:CVE-2008-2863

HistoryJun 25, 2008 - 12:36 p.m.

CVE-2008-2863

2008-06-2512:36:00

CWE-22

[email protected]

web.nvd.nist.gov

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.8 Medium

AI Score

Confidence

Low

0.018 Low

EPSS

Percentile

88.2%

JSON

Multiple absolute path traversal vulnerabilities in eLineStudio Site Composer (ESC) 2.6 allow remote attackers to create or delete arbitrary directories via a full pathname in the inpCurrFolder parameter to (1) folderdel_.asp or (2) foldernew.asp in cms/assetmanager/.

Affected configurations

NVD

Node

elinestudiosite_composerRange≤2.6

References

secunia.com/advisories/30762

securityreason.com/securityalert/3957

www.bugreport.ir/?/45

www.securityfocus.com/archive/1/493473/100/0/threaded

www.securityfocus.com/bid/29812

exchange.xforce.ibmcloud.com/vulnerabilities/43193

www.exploit-db.com/exploits/5859

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.8 Medium

AI Score

Confidence

Low

0.018 Low

EPSS

Percentile

88.2%

JSON

Related for NVD:CVE-2008-2863

cvelist1 prion2 cve2 nvd1