Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-0478


Vulnerability Score 6.8 6.8
CVE Id CVE-2008-0478
Last Modified 05 Sep 2008 12:00:00
Published 29 Jan 2008 03:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE



Directory traversal vulnerability in index.php in SetCMS 3.6.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the set parameter, as demonstrated by sending a certain CLIENT_IP HTTP header in an enter action to index.php, and injecting PHP sequences into files/enter.set, which is then included by index.php.

Vulnerable Systems


  • Setcms 3.6.5


XF - setcms-index-file-include(39864)

BID - 27407

MILW0RM - 4962

Last Updated: 27 May 2016 10:46:49