Lucene search

[email protected]NVD:CVE-2010-2797

HistoryOct 08, 2010 - 9:00 p.m.

CVE-2010-2797

2010-10-0821:00:01

CWE-22

[email protected]

web.nvd.nist.gov

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.9 Medium

AI Score

Confidence

Low

0.021 Low

EPSS

Percentile

89.4%

JSON

Directory traversal vulnerability in lib/translation.functions.php in CMS Made Simple before 1.8.1 allows remote attackers to include and execute arbitrary local files via a … (dot dot) in the default_cms_lang parameter to an admin script, as demonstrated by admin/addbookmark.php, a different vulnerability than CVE-2008-5642.

Affected configurations

NVD

Node

cmsmadesimplecms_made_simpleRange≤1.6.8

cmsmadesimplecms_made_simpleMatch1.0

cmsmadesimplecms_made_simpleMatch1.0beta1

cmsmadesimplecms_made_simpleMatch1.0beta2

cmsmadesimplecms_made_simpleMatch1.0beta3

cmsmadesimplecms_made_simpleMatch1.0beta4

cmsmadesimplecms_made_simpleMatch1.0beta5

cmsmadesimplecms_made_simpleMatch1.0beta6

cmsmadesimplecms_made_simpleMatch1.0.1

cmsmadesimplecms_made_simpleMatch1.0.2

cmsmadesimplecms_made_simpleMatch1.0.3

cmsmadesimplecms_made_simpleMatch1.0.4

cmsmadesimplecms_made_simpleMatch1.0.5

cmsmadesimplecms_made_simpleMatch1.0.6

cmsmadesimplecms_made_simpleMatch1.0.7

cmsmadesimplecms_made_simpleMatch1.0.8

cmsmadesimplecms_made_simpleMatch1.1

cmsmadesimplecms_made_simpleMatch1.1rc1

cmsmadesimplecms_made_simpleMatch1.1rc2

cmsmadesimplecms_made_simpleMatch1.1rc3

cmsmadesimplecms_made_simpleMatch1.1.1

cmsmadesimplecms_made_simpleMatch1.1.2

cmsmadesimplecms_made_simpleMatch1.1.3.1

cmsmadesimplecms_made_simpleMatch1.1.4.1

cmsmadesimplecms_made_simpleMatch1.2

cmsmadesimplecms_made_simpleMatch1.2beta1

cmsmadesimplecms_made_simpleMatch1.2beta2

cmsmadesimplecms_made_simpleMatch1.2beta3

cmsmadesimplecms_made_simpleMatch1.2rc1

cmsmadesimplecms_made_simpleMatch1.2.1

cmsmadesimplecms_made_simpleMatch1.2.2

cmsmadesimplecms_made_simpleMatch1.2.3

cmsmadesimplecms_made_simpleMatch1.2.4

cmsmadesimplecms_made_simpleMatch1.2.5

cmsmadesimplecms_made_simpleMatch1.3

cmsmadesimplecms_made_simpleMatch1.3beta1

cmsmadesimplecms_made_simpleMatch1.3beta2

cmsmadesimplecms_made_simpleMatch1.3.1

cmsmadesimplecms_made_simpleMatch1.4

cmsmadesimplecms_made_simpleMatch1.4beta1

cmsmadesimplecms_made_simpleMatch1.4beta2

cmsmadesimplecms_made_simpleMatch1.4.1

cmsmadesimplecms_made_simpleMatch1.5

cmsmadesimplecms_made_simpleMatch1.5beta1

cmsmadesimplecms_made_simpleMatch1.5.1

cmsmadesimplecms_made_simpleMatch1.5.2

cmsmadesimplecms_made_simpleMatch1.5.3

cmsmadesimplecms_made_simpleMatch1.5.4

cmsmadesimplecms_made_simpleMatch1.6

cmsmadesimplecms_made_simpleMatch1.6.1

cmsmadesimplecms_made_simpleMatch1.6.2

cmsmadesimplecms_made_simpleMatch1.6.3

cmsmadesimplecms_made_simpleMatch1.6.4

cmsmadesimplecms_made_simpleMatch1.6.5

cmsmadesimplecms_made_simpleMatch1.6.6

cmsmadesimplecms_made_simpleMatch1.6.7

cmsmadesimplecms_made_simpleMatch1.7

References

cross-site-scripting.blogspot.com/2010/07/cms-made-simple-18-local-file-inclusion.html

secunia.com/advisories/40031

www.cmsmadesimple.org/2010/07/3/announcing-cms-made-simple-1-8-1-mankara/

www.openwall.com/lists/oss-security/2010/08/01/2

www.openwall.com/lists/oss-security/2010/08/02/8

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.9 Medium

AI Score

Confidence

Low

0.021 Low

EPSS

Percentile

89.4%

JSON

Related for NVD:CVE-2010-2797

cve2 prion2 cvelist2 dsquare2 nvd1 nessus1 openvas1 d21