CVE Vulnerability

CVE-2008-0466

Web Wiz RTE_file_browser.asp in, as used in Web Wiz Rich Text Editor 4.0, Web Wiz Forums 9.07, and Web Wiz Newspad 1.02, does not require authentication, which allows remote attackers to list directories and read files. NOTE: this can be leveraged for listings outside the configured directory tree by exploiting a separate directory traversal vulnerability.

5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

Scope

References
Link Resource
http://www.bugreport.ir/?/31
http://www.webwizguide.com/webwizrichtexteditor/kb/release_notes.asp
http://securitytracker.com/id?1019267
http://www.bugreport.ir/?/29
http://securityreason.com/securityalert/3584
http://www.securityfocus.com/bid/27419
https://www.exploit-db.com/exploits/4971
https://www.exploit-db.com/exploits/4970
http://www.securityfocus.com/archive/1/486868/100/0/threaded
http://www.securityfocus.com/archive/1/486866/100/0/threaded
Configurations

Configuration 1

cpe:2.3:a:webwiz:web_wiz_forums:9.07:*:*:*:*:*:*:*
cpe:2.3:a:webwiz:web_wiz_newspad:1.02:*:*:*:*:*:*:*
cpe:2.3:a:webwiz:web_wiz_rich_text_editor:4.0:*:*:*:*:*:*:*
Information

Published : 2008-01-29 12:00

Updated : 2018-10-15 10:00

NVD link : CVE-2008-0466

Mitre link : CVE-2008-0466

Products Affected
No products.
CWE
CWE-287