Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-5776

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2008-5776
Last Modified 31 Dec 2008 12:00:00
Published 30 Dec 2008 03:30:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-5776

Summary

Multiple directory traversal vulnerabilities in Aperto Blog 0.1.1 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) action parameter to admin.php and the (2) get parameter to index.php. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.

Vulnerable Systems

Application

  • Apertoblog 0.1.1


References

BID - 32850

MILW0RM - 7482


Last Updated: 27 May 2016 10:48:55