CVE-2008-1856

Опубликовано: 16 апр. 2008

Источник: nvd

CVSS2: 5.1

EPSS Низкий

Описание

plugins/maps/db_handler.php in LinPHA 1.3.3 and earlier does not require authentication for a settings action that modifies the configuration file, which allows remote attackers to conduct directory traversal attacks and execute arbitrary local files by placing directory traversal sequences into the maps_type configuration setting, and then sending a request to maps_view.php, which causes plugins/maps/map.main.class.php to use the modified configuration.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:linpha:linpha:*:*:*:*:*:*:*:*

cpe:2.3:a:linpha:linpha:0.9.0:*:*:*:*:*:*:*

cpe:2.3:a:linpha:linpha:0.9.1:*:*:*:*:*:*:*

cpe:2.3:a:linpha:linpha:0.9.2:*:*:*:*:*:*:*

cpe:2.3:a:linpha:linpha:0.9.3:*:*:*:*:*:*:*

cpe:2.3:a:linpha:linpha:0.9.4:*:*:*:*:*:*:*

cpe:2.3:a:linpha:linpha:1.0:beta1:*:*:*:*:*:*

cpe:2.3:a:linpha:linpha:1.0:beta2:*:*:*:*:*:*

cpe:2.3:a:linpha:linpha:1.0:beta3:*:*:*:*:*:*

cpe:2.3:a:linpha:linpha:1.0:rc1:*:*:*:*:*:*

cpe:2.3:a:linpha:linpha:1.1.0:*:*:*:*:*:*:*

cpe:2.3:a:linpha:linpha:1.1.1:*:*:*:*:*:*:*

cpe:2.3:a:linpha:linpha:1.2.0:*:*:*:*:*:*:*

cpe:2.3:a:linpha:linpha:1.3.0:*:*:*:*:*:*:*

cpe:2.3:a:linpha:linpha:1.3.1:*:*:*:*:*:*:*

cpe:2.3:a:linpha:linpha:1.3.2:*:*:*:*:*:*:*

EPSS

Процентиль: 88%

0.04024

Низкий

5.1 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

GHSA-rrcf-jjfc-28h5

github

почти 4 года назад