Lucene search

[email protected]CVE-2008-0231

HistoryJan 11, 2008 - 12:46 a.m.

CVE-2008-0231

2008-01-1100:46:00

CWE-22

[email protected]

web.nvd.nist.gov

cve-2008-0231

directory traversal

index.php

tuned studios

subwoofer

freeze theme

orange cutout

lonely maple

endless

classic theme

music theme

remote file inclusion

php 5

security vulnerability

nvd

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.6

Confidence

Low

EPSS

0.025

Percentile

90.3%

JSON

Multiple directory traversal vulnerabilities in index.php in Tuned Studios (1) Subwoofer, (2) Freeze Theme, (3) Orange Cutout, (4) Lonely Maple, (5) Endless, (6) Classic Theme, and (7) Music Theme webpage templates allow remote attackers to include and execute arbitrary files via “…” sequences in the page parameter. NOTE: this can be leveraged for remote file inclusion when running in some PHP 5 environments.

Affected configurations

NVD

Node

tuned_studiosclassic_theme

tuned_studiosendless

tuned_studiosfreeze_theme

tuned_studioslonely_maple

tuned_studiosmusic_theme

tuned_studiosorange_cutout

tuned_studiossubwoofer

VendorProductVersionCPE
tuned_studiosendlesscpe:/a:tuned_studios:endless::::
tuned_studiosmusic_themecpe:/a:tuned_studios:music_theme::::
tuned_studiosorange_cutoutcpe:/a:tuned_studios:orange_cutout::::
tuned_studiosfreeze_themecpe:/a:tuned_studios:freeze_theme::::
tuned_studiosclassic_themecpe:/a:tuned_studios:classic_theme::::
tuned_studioslonely_maplecpe:/a:tuned_studios:lonely_maple::::
tuned_studiossubwoofercpe:/a:tuned_studios:subwoofer::::

Vendor	Product	CPE
tuned_studios	endless	cpe:/a:tuned_studios:endless::::
tuned_studios	music_theme	cpe:/a:tuned_studios:music_theme::::
tuned_studios	orange_cutout	cpe:/a:tuned_studios:orange_cutout::::
tuned_studios	freeze_theme	cpe:/a:tuned_studios:freeze_theme::::
tuned_studios	classic_theme	cpe:/a:tuned_studios:classic_theme::::
tuned_studios	lonely_maple	cpe:/a:tuned_studios:lonely_maple::::
tuned_studios	subwoofer	cpe:/a:tuned_studios:subwoofer::::

References

securityreason.com/securityalert/3532

www.securityfocus.com/archive/1/485991/100/0/threaded

www.securityfocus.com/bid/27196

exchange.xforce.ibmcloud.com/vulnerabilities/39555

www.exploit-db.com/exploits/4876

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.6

Confidence

Low

EPSS

0.025

Percentile

90.3%

JSON

Related for CVE-2008-0231

cvelist1 nvd1 prion1