CVE-2008-2650

Current Description

Directory traversal vulnerability in cmsimple/cms.php in CMSimple 3.1, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sl parameter to index.php. NOTE: this can be leveraged for remote file execution by including adm.php and then invoking the upload action. NOTE: on 20080601, the vendor patched 3.1 without changing the version number.

Evaluator Description

Upgrade requires login when downloads link is clicked from X-Force site.

Basic Data

PublishedJune 10, 2008
Last ModifiedSeptember 29, 2017
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeCWE-22
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityMEDIUM
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactPARTIAL
CVSS 2 - Availability ImpactPARTIAL
CVSS 2 - Base Score6.8
SeverityMEDIUM
Exploitability Score8.6
Impact Score6.4
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegetrue

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationCmsimpleCmsimple3.1*******

Vulnerable Software List

VendorProductVersions
Cmsimple Cmsimple 3.1

References

NameSourceURLTags
45881http://osvdb.org/45881OSVDB
30463http://secunia.com/advisories/30463SECUNIAVendor Advisory
http://www.cmsimple.com/forum/viewtopic.php?f=2&t=17http://www.cmsimple.com/forum/viewtopic.php?f=2&t=17CONFIRM
29450http://www.securityfocus.com/bid/29450BIDExploit
cmsimple-index-file-include(42792)https://exchange.xforce.ibmcloud.com/vulnerabilities/42792XF
cmsimple-index-file-upload(42793)https://exchange.xforce.ibmcloud.com/vulnerabilities/42793XF
5700https://www.exploit-db.com/exploits/5700EXPLOIT-DB