Lucene search

MitreCVE-2008-3851

HistoryAug 27, 2008 - 11:41 p.m.

CVE-2008-3851

2008-08-2723:41:00

CWE-22

mitre

web.nvd.nist.gov

cve-2008-3851

directory traversal

pluck cms

windows

remote attack

arbitrary file execution

vulnerability

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

7.3

Confidence

Low

EPSS

0.015

Percentile

87.0%

JSON

Multiple directory traversal vulnerabilities in Pluck CMS 4.5.2 on Windows allow remote attackers to include and execute arbitrary local files via a …\ (dot dot backslash) in the (1) blogpost, (2) cat, and (3) file parameters to data/inc/themes/predefined_variables.php, as reachable through index.php; and the (4) blogpost and (5) cat parameters to data/inc/blog_include_react.php, as reachable through index.php. NOTE: the issue involving vectors 1 through 3 reportedly exists because of an incomplete fix for CVE-2008-3194.

Affected configurations

Nvd

Node

microsoftwindows

AND

pluckpluckMatch4.5.2

VendorProductVersionCPE
microsoftwindows*cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*
pluckpluck4.5.2cpe:2.3:a:pluck:pluck:4.5.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	windows	*	cpe:2.3:o:microsoft:windows::::::::
pluck	pluck	4.5.2	cpe:2.3:a:pluck:pluck:4.5.2:::::::*

References

secunia.com/advisories/31607

securityreason.com/securityalert/4195

www.pluck-cms.org/releasenotes.php#4.5.3

www.securityfocus.com/archive/1/495706/100/0/threaded

www.securityfocus.com/bid/30820

exchange.xforce.ibmcloud.com/vulnerabilities/44677

www.exploit-db.com/exploits/6300

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

7.3

Confidence

Low

EPSS

0.015

Percentile

87.0%

JSON

Related for CVE-2008-3851