Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-6834

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2008-6834
Last Modified 25 Jun 2009 12:00:00
Published 22 Jun 2009 04:30:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-6834

Summary

Multiple directory traversal vulnerabilities in fuzzylime (cms) 3.01 and 3.01a allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the s parameter to code/commupdate.php in a count action or (2) the heads parameter to code/newsheads.php. NOTE: the blog.php vector is already covered by CVE-2008-3164.

Vulnerable Systems

Application

  • Fuzzylime %28cms%29 3.0.1

  • Fuzzylime %28cms%29 3.0.1a


References

MILW0RM - 6016


Last Updated: 27 May 2016 10:49:22