Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-4358

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2008-4358
Last Modified 19 Aug 2009 01:19:49
Published 30 Sep 2008 02:15:08
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-4358

Summary

Unspecified vulnerability in class/theme.class.php in SPAW Editor PHP Edition before 2.0.8.1 has unknown impact and attack vectors, probably related to directory traversal sequences in the theme name.

Vulnerable Systems

Application

  • Spaw Editor Spaw Php 1.0

  • Spaw Editor Spaw Php 1.0.1

  • Spaw Editor Spaw Php 1.0.2

  • Spaw Editor Spaw Php 1.0.3

  • Spaw Editor Spaw Php 1.0.4

  • Spaw Editor Spaw Php 1.0.5

  • Spaw Editor Spaw Php 1.0.5a

  • Spaw Editor Spaw Php 1.0.6

  • Spaw Editor Spaw Php 1.0.7

  • Spaw Editor Spaw Php 1.1

  • Spaw Editor Spaw Php 1.2

  • Spaw Editor Spaw Php 1.2.1

  • Spaw Editor Spaw Php 1.2.2

  • Spaw Editor Spaw Php 1.2.3

  • Spaw Editor Spaw Php 2.0.0

  • Spaw Editor Spaw Php 2.0.1

  • Spaw Editor Spaw Php 2.0.2

  • Spaw Editor Spaw Php 2.0.3

  • Spaw Editor Spaw Php 2.0.4

  • Spaw Editor Spaw Php 2.0.4.1

  • Spaw Editor Spaw Php 2.0.5

  • Spaw Editor Spaw Php 2.0.6

  • Spaw Editor Spaw Php 2.0.7

  • Spaw Editor Spaw Php 2.0.8


References

CONFIRM - http://sourceforge.net/project/shownotes.php?release_id=625333&group_id=77954

CONFIRM - http://blog.solmetra.com/2008/09/10/spaw-editor-php-edition-hotfix-release/

XF - spaweditor-themeclass-unspecified(45104)

BID - 31185

CONFIRM - http://spaw.svn.sourceforge.net/viewvc/spaw/spaw2/trunk/class/theme.class.php?r1=151&r2=359

SECUNIA - 31796


Last Updated: 27 May 2016 10:48:28