CVE-2008-6265
Published 2009-02-24
Priority P3 · 40 · medium · CVSS 2.0 6.8 · AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS 1.86% (76.5th percentile)
Directory traversal vulnerability in portfolio/css.php in Cyberfolio 7.12.2 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the theme parameter.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cyberfolio | cyberfolio | <= 7.12.2 | — |
| cyberfolio | cyberfolio | — | — |
| cyberfolio | cyberfolio | — | — |
| cyberfolio | cyberfolio | — | — |
| cyberfolio | cyberfolio | — | — |
| cyberfolio | cyberfolio | — | — |
| cyberfolio | cyberfolio | — | — |
| cyberfolio | cyberfolio | — | — |
| cyberfolio | cyberfolio | — | — |
Suricata
ET WEB_SPECIFIC_APPS Cyberfolio css.php theme Parameter Local File Inclusion
suricata·2010-07-30·CVSS 6.8
Rule:
```
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Cyberfolio css.php theme Parameter Local File Inclusion"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"/portfolio/css.php?"; fast_pattern; nocase; content:"theme="; nocase; http.uri.raw; url_decode; content:"|2e 2e 2f|"; reference:cve,CVE-2008-6265; reference:url,milw0rm.com/exploits/7065; reference:url,vupen.com/english/advisories/2008/3070; reference:bugtraq,32218; classtype:web-application-attack; sid:2009764; rev:9; metadata:affected_product Web_Server_Applications, attack_target Server, created_at 2010_07_30, deployment Perimeter, deployment Internal, deployment Datacenter, confidence High, signat
```
http://www.securityfocus.com/bid/32218
http://www.vupen.com/english/advisories/2008/3070
https://exchange.xforce.ibmcloud.com/vulnerabilities/46490
https://www.exploit-db.com/exploits/7065