NVD

Id
6282  
Name
CVE-2008-6551  
Description
Multiple directory traversal vulnerabilities in e-Vision CMS 2.0.2 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) an adminlang cookie to admin/ind_ex.php; or the module parameter to (2) 3rdparty/adminpart/add3rdparty.php, (3) polling/adminpart/addpolling.php, (4) contact/adminpart/addcontact.php, (5) brandnews/adminpart/addbrandnews.php, (6) newsletter/adminpart/addnewsletter.php, (7) game/adminpart/addgame.php, (8) tour/adminpart/addtour.php, (9) articles/adminpart/addarticles.php, (10) product/adminpart/addproduct.php, or (11) plain/adminpart/addplain.php in modules/.  
Reject
 
CVSS Version
2  
CVSS Score
5.1  
Severity
Medium  
CVSS Base Score
5.1  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
4.9  
CVSS Vector
(AV:N/AC:H/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-03  
Published
2009-03-30  
Modified Date
2009-03-30  
Seq
2008-6551  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
36984 6282 CVE-2008-6551 7031  View
36985 6282 CVE-2008-6551 32180  View
36986 6282 CVE-2008-6551 evisioncms-module-file-include(46457)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
41955 JVNDB-2009-002962 e-Vision CMS におけるディレクトリトラバーサルの脆弱性 e-Vision CMS には、magic_quotes_gpc が無効になっている際、ディレクトリトラバーサルの脆弱性が存在します。 CVE-2008-6551 36664 CVE-2008-6551 6282 5.1 http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002962.html 2009-03-30 2012-06-26 View