CVE-2008-5748
Published 2008-12-29
Priority P354, high, 8.1 (CVSS 3.1)
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 10.42% (95.2th percentile)
Directory traversal vulnerability in plugins/spaw2/dialogs/dialog.php in BloofoxCMS 0.3.4 allows remote attackers to read arbitrary files via the (1) lang, (2) theme, and (3) module parameters.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bloofox | bloofoxcms | — | — |
CVSS provenance
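| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.1 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |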
No detection rules found.
No writeups or analysis indexed.
CWE-73: External Control of File Name or Path
The product allows user input to control or influence paths or file names that are used in filesystem operations.
This could allow an attacker to access or modify system files or other files that are critical to the application. Path manipulation errors occur when the following two conditions are met:
1. An attacker can specify a path used in an operation on the filesystem.
2. By specifying the resource, the attacker gains a capability that would not otherwise be permitted.
For example, the program may give the attacker the ability to overwrite the specified file or run with a configuration controlled by the attacker.
Modes of Introduction:
Phase: Architecture and Design
Phase: Implementation
Note: REALIZATION: This weakness is caused during
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Many file operations are intended to take place within a restricted directory. By using special elements such as ".." and "/" separators, attackers can escape outside of the restricted location to access files or directories that are elsewhere on the system. One of the most common special elements is the "../" sequence, which in most modern operating systems is inte
http://osvdb.org/51006
http://secunia.com/advisories/33135
http://securityreason.com/securityalert/4820
http://www.securityfocus.com/bid/33013
https://exchange.xforce.ibmcloud.com/vulnerabilities/47611
https://www.exploit-db.com/exploits/7580