CVE-2008-2699

Multiple directory traversal vulnerabilities in Galatolo WebManager (GWM) 1.0 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in (1) the plugin parameter to admin/plugins.php or (2) the com parameter to index.php.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.securityfocus.com/bid/29595	Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/42923
https://www.exploit-db.com/exploits/5758
http://www.securityfocus.com/bid/29595	Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/42923
https://www.exploit-db.com/exploits/5758

Configurations

Configuration 1 (hide)

cpe:2.3:a:gwm:galatolo_webmanager:1.0:*:*:*:*:*:*:*

History

21 Nov 2024, 00:47

Type	Values Removed	Values Added
References	~~() http://www.securityfocus.com/bid/29595 - Exploit~~	() http://www.securityfocus.com/bid/29595 - Exploit
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/42923 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/42923 -
References	~~() https://www.exploit-db.com/exploits/5758 -~~	() https://www.exploit-db.com/exploits/5758 -

Information

Published : 2008-06-13 19:41

Updated : 2024-11-21 00:47

NVD link : CVE-2008-2699

Mitre link : CVE-2008-2699

CVE.ORG link : CVE-2008-2699

JSON object : View

Products Affected

gwm

galatolo_webmanager

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2008-2699", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2008-06-13T19:41:00.000", "references": [{"url": "http://www.securityfocus.com/bid/29595", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42923", "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/5758", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/29595", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42923", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.exploit-db.com/exploits/5758", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Multiple directory traversal vulnerabilities in Galatolo WebManager (GWM) 1.0 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in (1) the plugin parameter to admin/plugins.php or (2) the com parameter to index.php."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de salto de directorio en Galatolo WebManager (GWM) 1.0, permite a atacantes remotos incluir y ejecutar ficheros locales de su elecci\u00f3n a trav\u00e9s de secuencias de salto de directorio en el (1) par\u00e1metro plugin para admin/plugins.php o (2) en el par\u00e1metro com para index.php."}], "lastModified": "2024-11-21T00:47:29.783", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gwm:galatolo_webmanager:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "54A005B3-744A-4BAE-9B3A-68A0696AC2E3"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}