Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.4
CVE Id: CVE-2008-4319
Last Modified: 19 Aug 2009 01:19:43
Published: 29 Sep 2008 03:25:35
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2008-4319

Summary

fileadmin.php in Libra File Manager (aka Libra PHP File Manager) 1.18 and earlier allows remote attackers to bypass authentication, and read arbitrary files, modify arbitrary files, and list arbitrary directories, by inserting certain user and isadmin parameters in the query string.

Vulnerable Systems

Application

  • Libra File Manager Php Filemanager 1.00

  • Libra File Manager Php Filemanager 1.03

  • Libra File Manager Php Filemanager 1.05

  • Libra File Manager Php Filemanager 1.08

  • Libra File Manager Php Filemanager 1.17

  • Libra File Manager Php Filemanager 1.18


References

XF - librafilemanager-fileadmin-security-bypass(45423)

BID - 31415

BUGTRAQ - 20080925 Fwd: Returned post for bugtraq@securityfocus.com

MILW0RM - 6567


Last Updated: 27 May 2016 10:48:27