CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2008-1856

plugins/maps/db_handler.php in LinPHA 1.3.3 and earlier does not require authentication for a settings action that modifies the configuration file, which allows remote attackers to conduct directory traversal attacks and execute arbitrary local files by placing directory traversal sequences into the maps_type configuration setting, and then sending a request to maps_view.php, which causes plugins/maps/map.main.class.php to use the modified configuration.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.034

EPSS Ranking 87.0%

CVSS Severity

CVSS v2 Score 5.1

References

Products affected by CVE-2008-1856

Linpha » Linpha » Version: Any

cpe:2.3:a:linpha:linpha:*
Linpha » Linpha » Version: 0.9.0

cpe:2.3:a:linpha:linpha:0.9.0
Linpha » Linpha » Version: 0.9.1

cpe:2.3:a:linpha:linpha:0.9.1
Linpha » Linpha » Version: 0.9.2

cpe:2.3:a:linpha:linpha:0.9.2
Linpha » Linpha » Version: 0.9.3

cpe:2.3:a:linpha:linpha:0.9.3
Linpha » Linpha » Version: 0.9.4

cpe:2.3:a:linpha:linpha:0.9.4
Linpha » Linpha » Version: 1.0

cpe:2.3:a:linpha:linpha:1.0
Linpha » Linpha » Version: 1.1.0

cpe:2.3:a:linpha:linpha:1.1.0
Linpha » Linpha » Version: 1.1.1

cpe:2.3:a:linpha:linpha:1.1.1
Linpha » Linpha » Version: 1.2.0

cpe:2.3:a:linpha:linpha:1.2.0
Linpha » Linpha » Version: 1.3.0

cpe:2.3:a:linpha:linpha:1.3.0
Linpha » Linpha » Version: 1.3.1

cpe:2.3:a:linpha:linpha:1.3.1
Linpha » Linpha » Version: 1.3.2

cpe:2.3:a:linpha:linpha:1.3.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2008-1856

Products

Pricing

Contact Us