Lucene search

[email protected]CVE-2008-6659

HistoryApr 07, 2009 - 7:30 p.m.

CVE-2008-6659

2009-04-0719:30:00

CWE-22

[email protected]

web.nvd.nist.gov

cve-2008-6659

directory traversal

smf

remote code execution

vulnerability

5.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

6.9 Medium

AI Score

Confidence

Low

0.018 Low

EPSS

Percentile

88.2%

JSON

Directory traversal vulnerability in index.php in Simple Machines Forum (SMF) 1.0 before 1.0.15 and 1.1 before 1.1.7 allows remote authenticated users to configure arbitrary local files for execution via directory traversal sequences in the value of the theme_dir field during a jsoption action, related to Sources/QueryString.php and Sources/Themes.php, as demonstrated by a local .gif file in attachments/ with PHP code that was uploaded through a profile2 action to index.php.

Affected configurations

NVD

Node

simple_machinessimple_machines_forumMatch1.0.5

simple_machinessimple_machines_forumMatch1.0.6

simple_machinessimple_machines_forumMatch1.0.7

simple_machinessimple_machines_forumMatch1.0.11

simple_machinessimple_machines_forumMatch1.0.12

simple_machinessimple_machines_forumMatch1.1.1

simple_machinessimple_machines_forumMatch1.1.2

simple_machinessimple_machines_forumMatch1.1.3

simple_machinessimple_machines_forumMatch1.1.4

simple_machinessimple_machines_forumMatch1.1.5

simple_machinessimple_machines_forumMatch1.1.6

simple_machinessimple_machines_forumMatch1.1_rc1

simple_machinessimple_machines_forumMatch1.1_rc2

simple_machinessimple_machines_forumMatch1.1_rc3

CPENameOperatorVersion
simple_machines:simple_machines_forumsimple machines simple machines forumeq1.0.5
simple_machines:simple_machines_forumsimple machines simple machines forumeq1.0.6
simple_machines:simple_machines_forumsimple machines simple machines forumeq1.0.7
simple_machines:simple_machines_forumsimple machines simple machines forumeq1.0.11
simple_machines:simple_machines_forumsimple machines simple machines forumeq1.0.12
simple_machines:simple_machines_forumsimple machines simple machines forumeq1.1.1
simple_machines:simple_machines_forumsimple machines simple machines forumeq1.1.2
simple_machines:simple_machines_forumsimple machines simple machines forumeq1.1.3
simple_machines:simple_machines_forumsimple machines simple machines forumeq1.1.4
simple_machines:simple_machines_forumsimple machines simple machines forumeq1.1.5

CPE	Name	Operator	Version
simple_machines:simple_machines_forum	simple machines simple machines forum	eq	1.0.5
simple_machines:simple_machines_forum	simple machines simple machines forum	eq	1.0.6
simple_machines:simple_machines_forum	simple machines simple machines forum	eq	1.0.7
simple_machines:simple_machines_forum	simple machines simple machines forum	eq	1.0.11
simple_machines:simple_machines_forum	simple machines simple machines forum	eq	1.0.12
simple_machines:simple_machines_forum	simple machines simple machines forum	eq	1.1.1
simple_machines:simple_machines_forum	simple machines simple machines forum	eq	1.1.2
simple_machines:simple_machines_forum	simple machines simple machines forum	eq	1.1.3
simple_machines:simple_machines_forum	simple machines simple machines forum	eq	1.1.4
simple_machines:simple_machines_forum	simple machines simple machines forum	eq	1.1.5

Rows per page:

1-10 of 141

References

osvdb.org/50072

secunia.com/advisories/32516

www.securityfocus.com/bid/32139

www.simplemachines.org/community/index.php?topic=272861.0

www.exploit-db.com/exploits/7011

5.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

6.9 Medium

AI Score

Confidence

Low

0.018 Low

EPSS

Percentile

88.2%

JSON

Related for CVE-2008-6659

prion1 cvelist1 nvd1 openvas2