Lucene search

[email protected]NVD:CVE-2008-6308

HistoryFeb 27, 2009 - 1:30 a.m.

CVE-2008-6308

2009-02-2701:30:00

CWE-22

[email protected]

web.nvd.nist.gov

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

7.4 High

AI Score

Confidence

Low

0.029 Low

EPSS

Percentile

90.9%

JSON

Multiple directory traversal vulnerabilities in Private Messaging System (PMS) 1.2.3 and earlier for PunBB allow remote attackers to include and execute arbitrary files via a … (dot dot) in the pun_user[language] parameter to (1) functions_navlinks.php, (2) header_new_messages.php, (3) profile_send.php, and (4) viewtopic_PM-link.php in include/pms/.

Affected configurations

NVD

Node

punbbprivate_messaging_systemRange≤1.2.3

punbbprivate_messaging_systemMatch1.2.0

punbbprivate_messaging_systemMatch1.2.1

punbbprivate_messaging_systemMatch1.2.2

AND

punbbpunbb

References

secunia.com/advisories/13201

www.securityfocus.com/bid/32360

www.vupen.com/english/advisories/2008/3214

exchange.xforce.ibmcloud.com/vulnerabilities/46718

www.exploit-db.com/exploits/7159

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

7.4 High

AI Score

Confidence

Low

0.029 Low

EPSS

Percentile

90.9%

JSON

Related for NVD:CVE-2008-6308

prion1 cvelist1 cve1