Vulnerability Details CVE-2008-6126
Multiple directory traversal vulnerabilities in moziloCMS 1.10.2 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) file parameter to download.php and the (2) page parameter to index.php, a different vector than CVE-2008-3589.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.016
EPSS Ranking 80.8%
CVSS Severity
CVSS v2 Score 5.0
References
- http://cms.mozilo.de/index.php?cat=10_moziloCMS&page=60_Changelog
- http://secunia.com/advisories/32021
- http://www.majorsecurity.de/index_2.php?major_rls=major_rls55
- http://www.securityfocus.com/bid/31495
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45524
- http://cms.mozilo.de/index.php?cat=10_moziloCMS&page=60_Changelog
- http://secunia.com/advisories/32021
- http://www.majorsecurity.de/index_2.php?major_rls=major_rls55
- http://www.securityfocus.com/bid/31495
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45524
Products affected by CVE-2008-6126
-
cpe:2.3:a:mozilo:mozilocms:1.0
-
cpe:2.3:a:mozilo:mozilocms:1.1
-
cpe:2.3:a:mozilo:mozilocms:1.1.1
-
cpe:2.3:a:mozilo:mozilocms:1.10
-
cpe:2.3:a:mozilo:mozilocms:1.10.1
-
cpe:2.3:a:mozilo:mozilocms:1.10.2
-
cpe:2.3:a:mozilo:mozilocms:1.2
-
cpe:2.3:a:mozilo:mozilocms:1.3
-
cpe:2.3:a:mozilo:mozilocms:1.3.1
-
cpe:2.3:a:mozilo:mozilocms:1.4
-
cpe:2.3:a:mozilo:mozilocms:1.5
-
cpe:2.3:a:mozilo:mozilocms:1.6
-
cpe:2.3:a:mozilo:mozilocms:1.6.1
-
cpe:2.3:a:mozilo:mozilocms:1.6.2
-
cpe:2.3:a:mozilo:mozilocms:1.7
-
cpe:2.3:a:mozilo:mozilocms:1.8
-
cpe:2.3:a:mozilo:mozilocms:1.9
-
cpe:2.3:a:mozilo:mozilocms:1.9.1
-
cpe:2.3:a:mozilo:mozilocms:1.9.2
-
cpe:2.3:a:mozilo:mozilocms:1.9.3