Vulnerability Details CVE-2008-4319
fileadmin.php in Libra File Manager (aka Libra PHP File Manager) 1.18 and earlier allows remote attackers to bypass authentication, and read arbitrary files, modify arbitrary files, and list arbitrary directories, by inserting certain user and isadmin parameters in the query string.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.022
EPSS Ranking 83.8%
CVSS Severity
CVSS v2 Score 6.4
References
- http://www.securityfocus.com/archive/1/496742
- http://www.securityfocus.com/bid/31415
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45423
- https://www.exploit-db.com/exploits/6567
- http://www.securityfocus.com/archive/1/496742
- http://www.securityfocus.com/bid/31415
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45423
- https://www.exploit-db.com/exploits/6567
Products affected by CVE-2008-4319
-
cpe:2.3:a:libra_file_manager:php_filemanager:*
-
cpe:2.3:a:libra_file_manager:php_filemanager:1.00
-
cpe:2.3:a:libra_file_manager:php_filemanager:1.03
-
cpe:2.3:a:libra_file_manager:php_filemanager:1.05
-
cpe:2.3:a:libra_file_manager:php_filemanager:1.08
-
cpe:2.3:a:libra_file_manager:php_filemanager:1.17