CVE-2008-6126
published 2009-02-13CVE-2008-6126: Multiple directory traversal vulnerabilities in moziloCMS 1.10.2 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) file…
PriorityP428medium5CVSS 2.0
AVNACLAuNCPINAN
EXPLOIT
EPSS
2.89%
85.2th percentile
Multiple directory traversal vulnerabilities in moziloCMS 1.10.2 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) file parameter to download.php and the (2) page parameter to index.php, a different vector than CVE-2008-3589.
Affected
21 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mozilo | mozilocms | <= 1.10.2 | — |
| mozilo | mozilocms | — | — |
| mozilo | mozilocms | — | — |
| mozilo | mozilocms | — | — |
| mozilo | mozilocms | — | — |
| mozilo | mozilocms | — | — |
| mozilo | mozilocms | — | — |
| mozilo | mozilocms | — | — |
| mozilo | mozilocms | — | — |
| mozilo | mozilocms | — | — |
| mozilo | mozilocms | — | — |
| mozilo | mozilocms | — | — |
| mozilo | mozilocms | — | — |
| mozilo | mozilocms | — | — |
| mozilo | mozilocms | — | — |
| mozilo | mozilocms | — | — |
| mozilo | mozilocms | — | — |
| mozilo | mozilocms | — | — |
| mozilo | mozilocms | — | — |
| mozilo | mozilocms | — | — |
| mozilo | mozilocms | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-wq4m-8vc3-w683: Multiple directory traversal vulnerabilities in moziloCMS 1
ghsa_unreviewed·2022-05-17·CVSS 4.3
CVE-2008-6126 [MEDIUM] CWE-22 GHSA-wq4m-8vc3-w683: Multiple directory traversal vulnerabilities in moziloCMS 1
Multiple directory traversal vulnerabilities in moziloCMS 1.10.2 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) file parameter to download.php and the (2) page parameter to index.php, a different vector than CVE-2008-3589.
GHSA
GHSA-pr8c-p832-89qp: Directory traversal vulnerability in index
ghsa_unreviewed·2022-05-02·CVSS 5.0
CVE-2009-1368 [MEDIUM] CWE-22 GHSA-pr8c-p832-89qp: Directory traversal vulnerability in index
Directory traversal vulnerability in index.php in moziloCMS 1.11 allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter. NOTE: this might be the same issue as CVE-2008-6126.2, which may have been fixed in 1.10.3.
No detection rules found.
No writeups or analysis indexed.
http://cms.mozilo.de/index.php?cat=10_moziloCMS&page=60_Changeloghttp://secunia.com/advisories/32021http://www.majorsecurity.de/index_2.php?major_rls=major_rls55http://www.securityfocus.com/bid/31495https://exchange.xforce.ibmcloud.com/vulnerabilities/45524http://cms.mozilo.de/index.php?cat=10_moziloCMS&page=60_Changeloghttp://secunia.com/advisories/32021http://www.majorsecurity.de/index_2.php?major_rls=major_rls55http://www.securityfocus.com/bid/31495https://exchange.xforce.ibmcloud.com/vulnerabilities/45524
2009-02-13
Published