Vulnerability Description
Directory traversal vulnerability in common.php in CMScout 2.05, when .htaccess is not supported, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bit parameter, as demonstrated by an upload to avatar/ of a .jpg file containing PHP sequences.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cmscout | Cmscout | 2.05 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/31243ExploitVendor Advisory
- http://securityreason.com/securityalert/4093
- http://www.cmscout.co.za/index.php?page=news&id=29
- http://www.securityfocus.com/bid/30385
- http://www.vupen.com/english/advisories/2008/2218/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44017
- https://www.exploit-db.com/exploits/6142
- http://secunia.com/advisories/31243ExploitVendor Advisory
- http://securityreason.com/securityalert/4093
- http://www.cmscout.co.za/index.php?page=news&id=29
- http://www.securityfocus.com/bid/30385
- http://www.vupen.com/english/advisories/2008/2218/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44017
- https://www.exploit-db.com/exploits/6142
FAQ
What is CVE-2008-3415?
CVE-2008-3415 is a vulnerability with a CVSS score of 7.5 (HIGH). Directory traversal vulnerability in common.php in CMScout 2.05, when .htaccess is not supported, allows remote attackers to include and execute arbitrary local files via directory traversal sequences...
How severe is CVE-2008-3415?
CVE-2008-3415 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-3415?
Check the references section above for vendor advisories and patch information. Affected products include: Cmscout Cmscout.