CVE-2008-5776

Loading...

General

Score:7.5/10.0
Severity:High
Category:Path Manipulation
Exploit:Available

Impact Metrics

Confidentiality:Partial
Integrity:Partial
Availability:Partial

Exploitability Metrics

Access Vector:Network
Access Complexity:Low
Authentication:None

Published on 30/12/08 - Updated on 29/09/17

Description

Multiple directory traversal vulnerabilities in Aperto Blog 0.1.1 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) action parameter to admin.php and the (2) get parameter to index.php. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.

Category: Path Manipulation

CWE-22 (Path Traversal)
The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Security Notices

US National Vulnerability DatabaseCVE-2008-5776

Exploits

Exploit-DBEDB-7482
SecurityFocusBID-32850

Relative technologies

VendorProduct
apertoblogapertoblog

Share this vulnerability with:

Twitter Facebook LinkedIn Mail