CVE-2008-0466
Published Jan 29, 2008
Last updated 6 years ago
Overview
- Description
- Web Wiz RTE_file_browser.asp in, as used in Web Wiz Rich Text Editor 4.0, Web Wiz Forums 9.07, and Web Wiz Newspad 1.02, does not require authentication, which allows remote attackers to list directories and read files. NOTE: this can be leveraged for listings outside the configured directory tree by exploiting a separate directory traversal vulnerability.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- CWE-287
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:webwiz:web_wiz_forums:9.07:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "67D078BB-71D4-4182-B733-4EAE579CB949"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:webwiz:web_wiz_newspad:1.02:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FA2DDB39-D5DA-4696-BBA8-D7CDE2620949"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:webwiz:web_wiz_rich_text_editor:4.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "069C4645-7B6A-430A-89ED-7BB24286FE52"
}
],
"operator": "OR"
}
]
}
]