CVE Vulnerability

CVE-2008-1409

Multiple directory traversal vulnerabilities in the Default theme in Exero CMS 1.0.1 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the theme parameter to (1) index.php, (2) editpassword.php, and (3) avatar.php in usercp/; (4) custompage.php; (5) errors/404.php; (6) memberslist.php and (7) profile.php in members/; (8) index.php and (9) fullview.php in news/; and (10) nopermission.php.

7.5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 6.4

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

Scope

References
Link Resource
http://www.securityfocus.com/bid/28273
http://www.vupen.com/english/advisories/2008/0909/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/41238
https://www.exploit-db.com/exploits/5265
Configurations

Configuration 1

cpe:2.3:a:exero:exero_cms:1.0.1:*:*:*:*:*:*:*
Information

Published : 2008-03-20 10:44

Updated : 2017-09-29 01:30

NVD link : CVE-2008-1409

Mitre link : CVE-2008-1409

Products Affected
No products.
CWE
CWE-22