CVE-2008-1856
Published Apr 16, 2008
Last updated 7 years ago
Overview
- Description
- plugins/maps/db_handler.php in LinPHA 1.3.3 and earlier does not require authentication for a settings action that modifies the configuration file, which allows remote attackers to conduct directory traversal attacks and execute arbitrary local files by placing directory traversal sequences into the maps_type configuration setting, and then sending a request to maps_view.php, which causes plugins/maps/map.main.class.php to use the modified configuration.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 5.1
- Impact score
- 6.4
- Exploitability score
- 4.9
- Vector string
- AV:N/AC:H/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-20
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linpha:linpha:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D5C3C962-F6F4-441E-9CE2-80EE8BBF1E52"
},
{
"criteria": "cpe:2.3:a:linpha:linpha:0.9.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B2EE653B-2731-4C3E-A7D0-3465276E879C"
},
{
"criteria": "cpe:2.3:a:linpha:linpha:0.9.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "108B066B-28C1-4888-B696-78F816A89B43"
},
{
"criteria": "cpe:2.3:a:linpha:linpha:0.9.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9113509A-C884-46F4-BE97-C49382536FE9"
},
{
"criteria": "cpe:2.3:a:linpha:linpha:0.9.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5BD294BF-79FE-4940-B2D1-CB2506370EBB"
},
{
"criteria": "cpe:2.3:a:linpha:linpha:0.9.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "00E9B8B3-87E5-46A5-8242-04E620D54086"
},
{
"criteria": "cpe:2.3:a:linpha:linpha:1.0:beta1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0E05B25E-8507-4B40-AD6B-835019EF06EB"
},
{
"criteria": "cpe:2.3:a:linpha:linpha:1.0:beta2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C16546DA-1516-47C1-B603-34AF3DE3A9EE"
},
{
"criteria": "cpe:2.3:a:linpha:linpha:1.0:beta3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "656D37D2-289D-49EB-AB25-D8522AB8A79C"
},
{
"criteria": "cpe:2.3:a:linpha:linpha:1.0:rc1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "059C1787-16E2-48BA-96A2-092F58E6F53E"
},
{
"criteria": "cpe:2.3:a:linpha:linpha:1.1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A16B7211-B340-4E4E-A016-74F7596A7B2B"
},
{
"criteria": "cpe:2.3:a:linpha:linpha:1.1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F06B06C9-CE7F-45A1-946E-C3D3BF843FDC"
},
{
"criteria": "cpe:2.3:a:linpha:linpha:1.2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B371E12C-9CB4-4E03-8B1E-F8A858AD5476"
},
{
"criteria": "cpe:2.3:a:linpha:linpha:1.3.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F4ECA9FA-1BC3-4644-8A7D-F27DE382B519"
},
{
"criteria": "cpe:2.3:a:linpha:linpha:1.3.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8C616987-BB74-4781-850E-22EA77D61D21"
},
{
"criteria": "cpe:2.3:a:linpha:linpha:1.3.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "27827923-6084-46C8-A7E1-94B0B4D181BA"
}
],
"operator": "OR"
}
]
}
]