CVE-2008-6265

Published Feb 24, 2009

Last updated 7 years ago

Overview

Description: Directory traversal vulnerability in portfolio/css.php in Cyberfolio 7.12.2 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the theme parameter.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.8
Impact score: 6.4
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-22

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cyberfolio:cyberfolio:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5C7F6C78-7084-489D-A4A3-FB6B07E75CC2",
            "versionEndIncluding": "7.12.2"
          },
          {
            "criteria": "cpe:2.3:a:cyberfolio:cyberfolio:1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "02EB7C79-CA67-4461-A000-545F821DFB93"
          },
          {
            "criteria": "cpe:2.3:a:cyberfolio:cyberfolio:1.2:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8C908B9B-075D-4FB0-8725-AE2851423AE3"
          },
          {
            "criteria": "cpe:2.3:a:cyberfolio:cyberfolio:2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9084E735-DB98-4257-888A-62B8835DE487"
          },
          {
            "criteria": "cpe:2.3:a:cyberfolio:cyberfolio:2.0:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AACD235E-2852-4BAC-989C-608B94CAEEE7"
          },
          {
            "criteria": "cpe:2.3:a:cyberfolio:cyberfolio:2.0:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "53E35815-270B-44E5-820D-E972AF3E57F9"
          },
          {
            "criteria": "cpe:2.3:a:cyberfolio:cyberfolio:2.0:rc3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6208BD02-AE03-4859-BEFF-8B055EA3AF69"
          },
          {
            "criteria": "cpe:2.3:a:cyberfolio:cyberfolio:2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9F3A728A-FFFD-4CF1-8F1C-8DCA8F14458F"
          },
          {
            "criteria": "cpe:2.3:a:cyberfolio:cyberfolio:2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5CE6D42A-0EA8-4057-BDD6-E26D8C26C407"
          },
          {
            "criteria": "cpe:2.3:a:cyberfolio:cyberfolio:6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "48A3E319-D2AE-491E-B42C-9F0FC559B355"
          },
          {
            "criteria": "cpe:2.3:a:cyberfolio:cyberfolio:7.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BCC7D981-5F44-45A5-A1C4-3E8DD852EFAF"
          },
          {
            "criteria": "cpe:2.3:a:cyberfolio:cyberfolio:7.12:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8ACFF9DB-D928-4891-BFAB-EF69591089E0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References