CVE-2008-5752

Published Dec 30, 2008

Last updated 10 days ago

CVSS info 4.3

Overview

Description: Directory traversal vulnerability in getConfig.php in the Page Flip Image Gallery plugin 0.2.2 and earlier for WordPress, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the book_id parameter. NOTE: some of these details are obtained from third party information.
Source: cve@mitre.org
NVD status: Deferred

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-22

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:wordpress:page_flip_image_gallery_plugin:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A69E8AF2-7287-4CDA-B3BD-A899926788F6",
            "versionEndIncluding": "0.2.2"
          },
          {
            "criteria": "cpe:2.3:a:wordpress:page_flip_image_gallery_plugin:0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "494EB920-41A9-4B70-908B-200361FB2E9E"
          },
          {
            "criteria": "cpe:2.3:a:wordpress:page_flip_image_gallery_plugin:0.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "77273E14-62F6-412F-BFB8-D3B9A54853C6"
          },
          {
            "criteria": "cpe:2.3:a:wordpress:page_flip_image_gallery_plugin:0.1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "90E3FF21-B1D9-432E-BC5F-DAA69D589835"
          },
          {
            "criteria": "cpe:2.3:a:wordpress:page_flip_image_gallery_plugin:0.1.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B3880C31-B666-482A-B09B-9B42D188B459"
          },
          {
            "criteria": "cpe:2.3:a:wordpress:page_flip_image_gallery_plugin:0.1.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C511C86E-3560-4F44-943C-82C90460736D"
          },
          {
            "criteria": "cpe:2.3:a:wordpress:page_flip_image_gallery_plugin:0.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "28C030E1-0ECF-4C70-AD38-8CE2A5AF6E7F"
          },
          {
            "criteria": "cpe:2.3:a:wordpress:page_flip_image_gallery_plugin:0.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B4825659-ECDA-4530-AE80-AC50B1FD4360"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "847DA578-4655-477E-8A6F-99FBE738E4F9"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References