CVE Vulnerability

CVE-2008-4319

fileadmin.php in Libra File Manager (aka Libra PHP File Manager) 1.18 and earlier allows remote attackers to bypass authentication, and read arbitrary files, modify arbitrary files, and list arbitrary directories, by inserting certain user and isadmin parameters in the query string.

6.4 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 4.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

Scope

References
Link Resource
http://www.securityfocus.com/bid/31415 Exploit
http://www.securityfocus.com/archive/1/496742 Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/45423
https://www.exploit-db.com/exploits/6567
Configurations

Configuration 1

cpe:2.3:a:libra_file_manager:php_filemanager:1.17:*:*:*:*:*:*:*
cpe:2.3:a:libra_file_manager:php_filemanager:1.03:*:*:*:*:*:*:*
cpe:2.3:a:libra_file_manager:php_filemanager:1.08:*:*:*:*:*:*:*
cpe:2.3:a:libra_file_manager:php_filemanager:1.05:*:*:*:*:*:*:*
cpe:2.3:a:libra_file_manager:php_filemanager:1.00:*:*:*:*:*:*:*
cpe:2.3:a:libra_file_manager:php_filemanager:*:*:*:*:*:*:*:*
Information

Published : 2008-09-29 07:25

Updated : 2017-09-29 01:32

NVD link : CVE-2008-4319

Mitre link : CVE-2008-4319

Products Affected
No products.
CWE
CWE-287