Lucene search

MitreCVE-2008-6201

HistoryFeb 20, 2009 - 1:30 a.m.

CVE-2008-6201

2009-02-2001:30:05

CWE-22

mitre

web.nvd.nist.gov

cve-2008-6201

directory traversal

vulnerability

kwsphp

remote attackers

arbitrary commands

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.9

Confidence

Low

EPSS

0.012

Percentile

85.0%

JSON

Directory traversal vulnerability in help.php in the eskuel module in KwsPHP 1.3.456, as available before 20080416, allows remote attackers to execute arbitrary commands via the action parameter. NOTE: some of these details are obtained from third party information.

Affected configurations

Nvd

Node

kwsphpkwsphpMatch1.3.456

VendorProductVersionCPE
kwsphpkwsphp1.3.456cpe:2.3:a:kwsphp:kwsphp:1.3.456:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
kwsphp	kwsphp	1.3.456	cpe:2.3:a:kwsphp:kwsphp:1.3.456:::::::*

References

koogar.alorys-hebergement.com/kwsphp/index.php?mod=news&ac=commentaires&id=49

secunia.com/advisories/29802

www.securityfocus.com/archive/1/490861

www.securityfocus.com/bid/28788

www.vupen.com/english/advisories/2008/1241/references

exchange.xforce.ibmcloud.com/vulnerabilities/41950

www.exploit-db.com/exploits/5449

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.9

Confidence

Low

EPSS

0.012

Percentile

85.0%

JSON

Related for CVE-2008-6201