Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-6658

Overview

Vulnerability Score 4.0 4.0
CVE Id CVE-2008-6658
Last Modified 07 Apr 2009 12:00:00
Published 07 Apr 2009 03:30:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2008-6658

Summary

Directory traversal vulnerability in index.php in Simple Machines Forum (SMF) 1.0 before 1.0.15 and 1.1 before 1.1.7 allows remote authenticated administrators to install packages from arbitrary directories via a .. (dot dot) in the package parameter during an install2 action, as demonstrated by a predictable package filename in attachments/ that was uploaded through a post2 action to index.php.

Vulnerable Systems

Application

  • Simple Machines Forum 1.0.11

  • Simple Machines Forum 1.0.12

  • Simple Machines Forum 1.0.5

  • Simple Machines Forum 1.0.6

  • Simple Machines Forum 1.0.7

  • Simple Machines Forum 1.1 Rc1

  • Simple Machines Forum 1.1 Rc2

  • Simple Machines Forum 1.1 Rc3

  • Simple Machines Forum 1.1.1

  • Simple Machines Forum 1.1.2

  • Simple Machines Forum 1.1.3

  • Simple Machines Forum 1.1.4

  • Simple Machines Forum 1.1.5

  • Simple Machines Forum 1.1.6


References

CONFIRM - http://www.simplemachines.org/community/index.php?topic=272861.0

MILW0RM - 6993

OSVDB - 50070


Last Updated: 27 May 2016 10:49:16