Lucene search

[email protected]CVE-2008-3164

HistoryJul 14, 2008 - 11:41 p.m.

CVE-2008-3164

2008-07-1423:41:00

CWE-22

[email protected]

web.nvd.nist.gov

cve-2008-3164

fuzzylime cms

directory traversal

vulnerability

blog.php

remote code execution

nvd

7.6 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

7.1 High

AI Score

Confidence

Low

0.012 Low

EPSS

Percentile

85.5%

JSON

Directory traversal vulnerability in blog.php in fuzzylime (cms) 3.01, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a … (dot dot) in the file parameter. NOTE: it was later reported that 3.01a is also affected.

Affected configurations

NVD

Node

fuzzylimefuzzylime_cmsMatch3.01

CPENameOperatorVersion
fuzzylime:fuzzylime_cmsfuzzylime fuzzylime cmseq3.01

CPE	Name	Operator	Version
fuzzylime:fuzzylime_cms	fuzzylime fuzzylime cms	eq	3.01

References

downloads.securityfocus.com/vulnerabilities/exploits/30121.pl

secunia.com/advisories/30930

www.securityfocus.com/bid/30121

www.vupen.com/english/advisories/2008/2015/references

exchange.xforce.ibmcloud.com/vulnerabilities/43606

exchange.xforce.ibmcloud.com/vulnerabilities/43939

www.exploit-db.com/exploits/6016

7.6 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

7.1 High

AI Score

Confidence

Low

0.012 Low

EPSS

Percentile

85.5%

JSON

Related for CVE-2008-3164

prion2 nvd2 cvelist2 cve1