CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2008-7254

Directory traversal vulnerability in includes/template-loader.php in Irmin CMS (formerly Pepsi CMS) 0.5 and 0.6 BETA2, when register_globals is enabled, allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the _Root_Path parameter. NOTE: some of these details are obtained from third party information.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.015

EPSS Ranking 80.2%

CVSS Severity

CVSS v2 Score 6.8

References

http://osvdb.org/63348
http://packetstormsecurity.org/0808-exploits/pepsicms-rfi.txt
http://secunia.com/advisories/39214
http://www.exploit-db.com/exploits/11938
http://osvdb.org/63348
http://packetstormsecurity.org/0808-exploits/pepsicms-rfi.txt
http://secunia.com/advisories/39214
http://www.exploit-db.com/exploits/11938

Products affected by CVE-2008-7254

Ermenegildo Fiorito » Irmin Cms » Version: 0.5

cpe:2.3:a:ermenegildo_fiorito:irmin_cms:0.5
Ermenegildo Fiorito » Irmin Cms » Version: 0.6

cpe:2.3:a:ermenegildo_fiorito:irmin_cms:0.6

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2008-7254

Products

Pricing

Contact Us