Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-3675

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2008-3675
Last Modified 06 Feb 2009 01:57:59
Published 14 Aug 2008 03:41:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-3675

Summary

Directory traversal vulnerability in classes/imgsize.php in Gelato 0.95 allows remote attackers to read arbitrary files via (1) a .. (dot dot) and possibly (2) a full pathname in the img parameter. NOTE: some of these details are obtained from third party information.

Vulnerable Systems

Application

  • Gelatocms 0.95


References

XF - gelatocms-imgsize-directory-traversal(44416)

BID - 30672

MILW0RM - 6235

SREASON - 4154

SECUNIA - 31456


Last Updated: 27 May 2016 10:48:16