Vulnerability Details CVE-2008-0156
Absolute path traversal vulnerability in index.php in Million Dollar Script 2.0.14 allows remote attackers to read arbitrary files via encoded "/" (%2F) sequences in the link parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 38.3%
CVSS Severity
CVSS v2 Score 5.0
References
- http://securityreason.com/securityalert/3524
- http://www.securityfocus.com/archive/1/485882/100/0/threaded
- http://www.securityfocus.com/bid/27174
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39492
- http://securityreason.com/securityalert/3524
- http://www.securityfocus.com/archive/1/485882/100/0/threaded
- http://www.securityfocus.com/bid/27174
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39492
Products affected by CVE-2008-0156
-
cpe:2.3:a:million_dollar_script:million_dollar_script:2.0.14