CVE-2008-3555
Severity CVSS v4.0:
Pending analysis
Type:
CWE-22
Path Traversal
Publication date:
08/08/2008
Last modified:
29/09/2017
Description
Directory traversal vulnerability in index.php in (1) WSN Forum 4.1.43 and earlier, (2) Gallery 4.1.30 and earlier, (3) Knowledge Base (WSNKB) 4.1.36 and earlier, (4) Links 4.1.44 and earlier, and possibly (5) Classifieds before 4.1.30 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the TID parameter, as demonstrated by uploading a .jpg file containing PHP sequences.
Impact
Base Score 2.0
6.80
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:wsn:forum:*:*:*:*:*:*:*:* | 4.1.43 (including) | |
| cpe:2.3:a:wsn:gallery:*:*:*:*:*:*:*:* | 4.1.30 (including) | |
| cpe:2.3:a:wsn:knowledge_base:*:*:*:*:*:*:*:* | 4.1.36 (including) | |
| cpe:2.3:a:wsn:links:4.0.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:wsn:links:4.0.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:wsn:links:4.0.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:wsn:links:4.0.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:wsn:links:4.0.4:*:*:*:*:*:*:* | ||
| cpe:2.3:a:wsn:links:4.0.5:*:*:*:*:*:*:* | ||
| cpe:2.3:a:wsn:links:4.0.6:*:*:*:*:*:*:* | ||
| cpe:2.3:a:wsn:links:4.0.7:*:*:*:*:*:*:* | ||
| cpe:2.3:a:wsn:links:4.0.8:*:*:*:*:*:*:* | ||
| cpe:2.3:a:wsn:links:4.0.9:*:*:*:*:*:*:* | ||
| cpe:2.3:a:wsn:links:4.0.10:*:*:*:*:*:*:* | ||
| cpe:2.3:a:wsn:links:4.0.11:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page