Lucene search

[email protected]CVE-2008-6253

HistoryFeb 24, 2009 - 6:30 p.m.

CVE-2008-6253

2009-02-2418:30:00

CWE-22

[email protected]

web.nvd.nist.gov

cve

2008

6253

directory traversal

vulnerability

pluck 4.5.3

remote attackers

arbitrary files

execution

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.4 High

AI Score

Confidence

Low

0.031 Low

EPSS

Percentile

91.1%

JSON

Directory traversal vulnerability in data/inc/lib/pcltar.lib.php in Pluck 4.5.3, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the g_pcltar_lib_dir parameter.

Affected configurations

NVD

Node

pluck-cmspluckMatch4.5.3

CPENameOperatorVersion
pluck-cms:pluckpluck-cms pluckeq4.5.3

CPE	Name	Operator	Version
pluck-cms:pluck	pluck-cms pluck	eq	4.5.3

References

secunia.com/advisories/32736

www.pluck-cms.org/index.php?file=kop11.php

www.securityfocus.com/archive/1/498438

www.securityfocus.com/bid/32342

exchange.xforce.ibmcloud.com/vulnerabilities/46676

www.exploit-db.com/exploits/7153

Social References

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.4 High

AI Score

Confidence

Low

0.031 Low

EPSS

Percentile

91.1%

JSON

Related for CVE-2008-6253

prion1 nvd1 cvelist1