exploitDog

CVE-2008-0466

Опубликовано: 29 янв. 2008

Источник: nvd

CVSS2: 5

EPSS Средний

Описание

Web Wiz RTE_file_browser.asp in, as used in Web Wiz Rich Text Editor 4.0, Web Wiz Forums 9.07, and Web Wiz Newspad 1.02, does not require authentication, which allows remote attackers to list directories and read files. NOTE: this can be leveraged for listings outside the configured directory tree by exploiting a separate directory traversal vulnerability.

Ссылки

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:webwiz:web_wiz_forums:9.07:*:*:*:*:*:*:*

Конфигурация 2

cpe:2.3:a:webwiz:web_wiz_newspad:1.02:*:*:*:*:*:*:*

Конфигурация 3

cpe:2.3:a:webwiz:web_wiz_rich_text_editor:4.0:*:*:*:*:*:*:*

EPSS

Процентиль: 94%

0.12282

Средний

5 Medium

CVSS2

Дефекты

CWE-287

Связанные уязвимости

GHSA-qxjq-q2r2-ccg4

github

почти 4 года назад

Web Wiz RTE_file_browser.asp in, as used in Web Wiz Rich Text Editor 4.0, Web Wiz Forums 9.07, and Web Wiz Newspad 1.02, does not require authentication, which allows remote attackers to list directories and read files. NOTE: this can be leveraged for listings outside the configured directory tree by exploiting a separate directory traversal vulnerability.

EPSS

Процентиль: 94%

0.12282

Средний

5 Medium

CVSS2

Дефекты

CWE-287