NVD

Id
3049  
Name
CVE-2008-3165  
Description
Directory traversal vulnerability in rss.php in fuzzylime (cms) 3.01a and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the p parameter, as demonstrated using content.php, a different vector than CVE-2007-4805.  
Reject
 
CVSS Version
2  
CVSS Score
6.8  
Severity
Medium  
CVSS Base Score
6.8  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-03  
Published
2008-07-14  
Modified Date
2009-01-29  
Seq
2008-3165  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
19445 3049 CVE-2008-3165 3995  View
19446 3049 CVE-2008-3165 6009  View
19447 3049 CVE-2008-3165 30103  View
19448 3049 CVE-2008-3165 fuzzylimecms-rss-file-include(43605)  View
19449 3049 CVE-2008-3165 fuzzylimecms-content-command-execution(43606)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
47935 JVNDB-2008-003245 fuzzylime (cms) の rss.php におけるディレクトリトラバーサルの脆弱性 fuzzylime (cms) の rss.php には、ディレクトリトラバーサルの脆弱性が存在します。 CVE-2008-3165 33278 CVE-2008-3165 3049 6.8 http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-003245.html 2008-07-14 2012-06-26 View