Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.0
CVE Id: CVE-2008-3851
Last Modified: 29 Jan 2009 01:54:37
Published: 27 Aug 2008 07:41:00
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2008-3851

Summary

Multiple directory traversal vulnerabilities in Pluck CMS 4.5.2 on Windows allow remote attackers to include and execute arbitrary local files via a ..\ (dot dot backslash) in the (1) blogpost, (2) cat, and (3) file parameters to data/inc/themes/predefined_variables.php, as reachable through index.php; and the (4) blogpost and (5) cat parameters to data/inc/blog_include_react.php, as reachable through index.php. NOTE: the issue involving vectors 1 through 3 reportedly exists because of an incomplete fix for CVE-2008-3194.

Vulnerable Systems

Application

  • Pluck 4.5.2


References

BID - 30820

XF - pluck-index-file-include(44677)

BUGTRAQ - 20080825 [DSECRG-08-037] Multiple Local File Include Vulnerabilities in Pluck CMS 4.5.2

CONFIRM - http://www.pluck-cms.org/releasenotes.php#4.5.3

MILW0RM - 6300

SREASON - 4195

SECUNIA - 31607


Last Updated: 27 May 2016 10:48:19