Web Wiz RTE_file_browser.asp in, as used in Web Wiz Rich Text Editor 4.0, Web Wiz Forums 9.07, and Web Wiz Newspad 1.02, does not require authentication, which allows remote attackers to list directories and read files. NOTE: this can be leveraged for listings outside the configured directory tree by exploiting a separate directory traversal vulnerability.
References
Configurations
History
21 Nov 2024, 00:42
Type | Values Removed | Values Added |
---|---|---|
References | () http://securityreason.com/securityalert/3584 - | |
References | () http://securitytracker.com/id?1019267 - | |
References | () http://www.bugreport.ir/?/29 - | |
References | () http://www.bugreport.ir/?/31 - | |
References | () http://www.securityfocus.com/archive/1/486866/100/0/threaded - | |
References | () http://www.securityfocus.com/archive/1/486868/100/0/threaded - | |
References | () http://www.securityfocus.com/bid/27419 - | |
References | () http://www.webwizguide.com/webwizrichtexteditor/kb/release_notes.asp - | |
References | () https://www.exploit-db.com/exploits/4970 - | |
References | () https://www.exploit-db.com/exploits/4971 - |
Information
Published : 2008-01-29 00:00
Updated : 2024-11-21 00:42
NVD link : CVE-2008-0466
Mitre link : CVE-2008-0466
CVE.ORG link : CVE-2008-0466
JSON object : View
Products Affected
webwiz
- web_wiz_rich_text_editor
- web_wiz_forums
- web_wiz_newspad
CWE
CWE-287
Improper Authentication