Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-2415

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2008-2415
Last Modified 05 Sep 2008 05:40:18
Published 22 May 2008 09:09:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-2415

Summary

Directory traversal vulnerability in template/purpletech/base_include.php in DigitalHive (aka hive) 2.0 RC2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.

Vulnerable Systems

Application

  • Digitalhive 2.0


References

XF - digitalhive-baseinclude-file-include(42495)

MISC - http://www.z0rlu.ownspace.org/index.php?/archives/85-hive-v2.0-RC2-LFi.html

BID - 29255


Last Updated: 27 May 2016 10:47:52