Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.0
CVE Id CVE-2008-5272
Last Modified 29 Jan 2009 01:58:46
Published 28 Nov 2008 02:00:08
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2008-5272

Summary

Multiple directory traversal vulnerabilities in Fred Stuurman SyndeoCMS 2.6.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the template parameter to (1) starnet/editors/fckeditor/studenteditor.php; (2) starnet/modules/sn_news/edit_content.php, reached through starnet/index.php; and (3) starnet/modules/sn_newsletter/edit_content.php, reached through starnet/index.php.

Vulnerable Systems

Application

  • Syndeocms 2.6.0


References

XF - syndeocms-template-file-include(42969)

BID - 29644

MILW0RM - 5779

SREASON - 4660

SECUNIA - 30602


Last Updated: 27 May 2016 10:48:46