Vulnerability Details CVE-2008-5678
Fretwell-Downing Informatics (FDI) OLIB7 WebView 2.5.1.1 allows remote authenticated users to obtain sensitive information from files via the infile parameter to the default URI under cgi/, as demonstrated by the (1) get_settings.ini, (2) setup.ini, and (3) text.ini files.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.028
EPSS Ranking 85.5%
CVSS Severity
CVSS v2 Score 4.0
References
- http://securityreason.com/securityalert/4790
- http://www.securityfocus.com/bid/31544
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45638
- https://www.exploit-db.com/exploits/6653
- http://securityreason.com/securityalert/4790
- http://www.securityfocus.com/bid/31544
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45638
- https://www.exploit-db.com/exploits/6653
Products affected by CVE-2008-5678
-
cpe:2.3:a:fdgroup:olib7_webview:2.5.1.1