Lucene search

MitreCVE-2008-0458

HistoryJan 25, 2008 - 4:00 p.m.

CVE-2008-0458

2008-01-2516:00:00

CWE-22

mitre

web.nvd.nist.gov

cve

2008

0458

directory traversal

vulnerability

slaed cms 2.5 lite

remote attackers

arbitrary execution

local files

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.1

Confidence

High

EPSS

0.013

Percentile

85.9%

JSON

Directory traversal vulnerability in function/sources.php in SLAED CMS 2.5 Lite allows remote attackers to include and execute arbitrary local files via a … (dot dot) in the newlang parameter to index.php.

Affected configurations

Nvd

Node

slaedslaed_cmsMatch2.5_lite

VendorProductVersionCPE
slaedslaed_cms2.5_litecpe:2.3:a:slaed:slaed_cms:2.5_lite:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
slaed	slaed_cms	2.5_lite	cpe:2.3:a:slaed:slaed_cms:2.5_lite:::::::*

References

www.securityfocus.com/bid/27426

www.vupen.com/english/advisories/2008/0308

exchange.xforce.ibmcloud.com/vulnerabilities/39897

www.exploit-db.com/exploits/4975

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.1

Confidence

High

EPSS

0.013

Percentile

85.9%

JSON

Related for CVE-2008-0458