CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2008-5272

Multiple directory traversal vulnerabilities in Fred Stuurman SyndeoCMS 2.6.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the template parameter to (1) starnet/editors/fckeditor/studenteditor.php; (2) starnet/modules/sn_news/edit_content.php, reached through starnet/index.php; and (3) starnet/modules/sn_newsletter/edit_content.php, reached through starnet/index.php.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.029

EPSS Ranking 86.3%

CVSS Severity

CVSS v2 Score 4.0

References

http://secunia.com/advisories/30602
http://securityreason.com/securityalert/4660
http://www.securityfocus.com/bid/29644
https://exchange.xforce.ibmcloud.com/vulnerabilities/42969
https://www.exploit-db.com/exploits/5779
http://secunia.com/advisories/30602
http://securityreason.com/securityalert/4660
http://www.securityfocus.com/bid/29644
https://exchange.xforce.ibmcloud.com/vulnerabilities/42969
https://www.exploit-db.com/exploits/5779

Products affected by CVE-2008-5272

Syndeocms » Syndeocms » Version: 2.6.0

cpe:2.3:a:syndeocms:syndeocms:2.6.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2008-5272

Products

Pricing

Contact Us