Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-3723

Overview

Vulnerability Score 6.3 6.3
CVE Id CVE-2008-3723
Last Modified 05 Sep 2008 12:00:00
Published 20 Aug 2008 12:41:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2008-3723

Summary

Directory traversal vulnerability in index.php in PHPizabi 0.848b C1 HFP3 allows remote authenticated administrators to read arbitrary files via (1) a .. (dot dot), (2) a URL, or possibly (3) a full pathname in the id parameter in an admin.templates.edittemplate action. NOTE: some of these details are obtained from third party information.

Vulnerable Systems

Application

  • Phpizabi 0.848b


References

XF - phpizabi-id-file-include(44509)

BID - 30707

SECUNIA - 31533

MISC - http://packetstormsecurity.org/0808-exploits/phpizabi-traverse.txt

MISC - http://lostmon.blogspot.com/2008/08/phpizabi-v0848b-traversal-file-access.html


Last Updated: 27 May 2016 10:48:16