Lucene search

[email protected]CVE-2008-1537

HistoryMar 28, 2008 - 6:44 p.m.

CVE-2008-1537

2008-03-2818:44:00

CWE-22

[email protected]

web.nvd.nist.gov

cve-2008-1537

directory traversal

vulnerability

powerscripts

powerbook 1.21

remote file inclusion

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.2 High

AI Score

Confidence

High

0.043 Low

EPSS

Percentile

92.3%

JSON

Directory traversal vulnerability in pb_inc/admincenter/index.php in PowerScripts PowerBook 1.21 allows remote attackers to include and execute arbitrary local files via a … (dot dot) in the page parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.

Affected configurations

NVD

Node

powerscriptspowerbookMatch1.21

CPENameOperatorVersion
powerscripts:powerbookpowerscripts powerbookeq1.21

CPE	Name	Operator	Version
powerscripts:powerbook	powerscripts powerbook	eq	1.21

References

secunia.com/advisories/29480

securityreason.com/securityalert/3783

www.securityfocus.com/archive/1/490008/100/0/threaded

www.securityfocus.com/bid/28418

exchange.xforce.ibmcloud.com/vulnerabilities/41393

www.exploit-db.com/exploits/5302

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.2 High

AI Score

Confidence

High

0.043 Low

EPSS

Percentile

92.3%

JSON

Related for CVE-2008-1537

cvelist1 nvd1 prion1