Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-0545

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2008-0545
Last Modified 07 Mar 2011 10:04:52
Published 01 Feb 2008 03:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-0545

Summary

Multiple directory traversal vulnerabilities in Bubbling Library 1.32 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) uri parameter to (a) yui-menu.tpl.php, (b) simple.tpl.php, and (c) advanced.tpl.php in dispatcher/framework/; and the (2) page parameter to (d) yui-menu.php, (e) simple.php, and (f) advanced.php in dispatcher/framework/, different vectors than CVE-2008-0521.

Vulnerable Systems

Application

  • Bubbling Library 1.32


References

VUPEN - ADV-2008-0347

BID - 27466

MILW0RM - 4991

XF - bubblinglibrary-page-uri-file-include(39969)


Last Updated: 27 May 2016 10:46:50