Lucene search

[email protected]CVE-2008-5604

HistoryDec 16, 2008 - 7:07 p.m.

CVE-2008-5604

2008-12-1619:07:32

CWE-22

[email protected]

web.nvd.nist.gov

cve

directory traversal

index.php

my simple forum

magic quotes gpc

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.1 High

AI Score

Confidence

High

0.024 Low

EPSS

Percentile

90.0%

JSON

Directory traversal vulnerability in index.php in My Simple Forum 3.0 and 4.1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a … (dot dot) in the action parameter.

Affected configurations

NVD

Node

drennansoftmy_simple_forumMatch3.0

drennansoftmy_simple_forumMatch4.1

CPENameOperatorVersion
drennansoft:my_simple_forumdrennansoft my simple forumeq3.0
drennansoft:my_simple_forumdrennansoft my simple forumeq4.1

CPE	Name	Operator	Version
drennansoft:my_simple_forum	drennansoft my simple forum	eq	3.0
drennansoft:my_simple_forum	drennansoft my simple forum	eq	4.1

References

osvdb.org/50433

secunia.com/advisories/32984

securityreason.com/securityalert/4765

www.securityfocus.com/bid/32643

exchange.xforce.ibmcloud.com/vulnerabilities/47097

www.exploit-db.com/exploits/7342

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.1 High

AI Score

Confidence

High

0.024 Low

EPSS

Percentile

90.0%

JSON

Related for CVE-2008-5604

cvelist1 nvd1 prion1