Lucene search

[email protected]CVE-2008-4486

HistoryOct 08, 2008 - 2:00 a.m.

CVE-2008-4486

2008-10-0802:00:01

CWE-22

[email protected]

web.nvd.nist.gov

cve-2008-4486

directory traversal

sac.php

yerba 6.3

remote execution

security vulnerability

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.1 High

AI Score

Confidence

High

0.022 Low

EPSS

Percentile

89.6%

JSON

Directory traversal vulnerability in index.php in SAC.php (SACphp), as used in Yerba 6.3 and earlier, allows remote attackers to include and execute arbitrary local files via a … (dot dot) in the mod parameter.

Affected configurations

NVD

Node

yerbayerbaRange≤6.3

yerbayerbaMatch6.28

CPENameOperatorVersion
yerba:yerbayerbale6.3
yerba:yerbayerbaeq6.28

CPE	Name	Operator	Version
yerba:yerba	yerba	le	6.3
yerba:yerba	yerba	eq	6.28

References

secunia.com/advisories/32093

securityreason.com/securityalert/4368

www.securityfocus.com/archive/1/497103

www.securityfocus.com/bid/31606

www.vupen.com/english/advisories/2008/2754

exchange.xforce.ibmcloud.com/vulnerabilities/45708

www.exploit-db.com/exploits/6687

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.1 High

AI Score

Confidence

High

0.022 Low

EPSS

Percentile

89.6%

JSON

Related for CVE-2008-4486

prion1 cvelist1 nvd1