Vulnerability Details CVE-2008-1400
Directory traversal vulnerability in the Net Inspector HTTP Server (mghttpd) in MG-SOFT Net Inspector 6.5.0.828 and earlier for Windows allows remote attackers to read arbitrary files via a "..\" (dot dot backslash) or "../" (dot dot slash) in the URI.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.028
EPSS Ranking 85.5%
CVSS Severity
CVSS v2 Score 5.0
References
- http://aluigi.altervista.org/adv/netinsp-adv.txt
- http://secunia.com/advisories/29421
- http://www.securityfocus.com/archive/1/489704/100/0/threaded
- http://www.securityfocus.com/bid/28266
- https://www.exploit-db.com/exploits/5269
- http://aluigi.altervista.org/adv/netinsp-adv.txt
- http://secunia.com/advisories/29421
- http://www.securityfocus.com/archive/1/489704/100/0/threaded
- http://www.securityfocus.com/bid/28266
- https://www.exploit-db.com/exploits/5269
Products affected by CVE-2008-1400
-
cpe:2.3:a:mg-soft:net_inspector:6.5.0.828