Vulnerability Description
Directory traversal vulnerability in index.php in (1) WSN Forum 4.1.43 and earlier, (2) Gallery 4.1.30 and earlier, (3) Knowledge Base (WSNKB) 4.1.36 and earlier, (4) Links 4.1.44 and earlier, and possibly (5) Classifieds before 4.1.30 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the TID parameter, as demonstrated by uploading a .jpg file containing PHP sequences.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wsn | Forum | <= 4.1.43 |
| Wsn | Gallery | <= 4.1.30 |
| Wsn | Knowledge Base | <= 4.1.36 |
| Wsn | Links | 4.0.0 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/31392
- http://securityreason.com/securityalert/4120
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44236
- https://www.exploit-db.com/exploits/6208
- http://secunia.com/advisories/31392
- http://securityreason.com/securityalert/4120
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44236
- https://www.exploit-db.com/exploits/6208
FAQ
What is CVE-2008-3555?
CVE-2008-3555 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Directory traversal vulnerability in index.php in (1) WSN Forum 4.1.43 and earlier, (2) Gallery 4.1.30 and earlier, (3) Knowledge Base (WSNKB) 4.1.36 and earlier, (4) Links 4.1.44 and earlier, and pos...
How severe is CVE-2008-3555?
CVE-2008-3555 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-3555?
Check the references section above for vendor advisories and patch information. Affected products include: Wsn Forum, Wsn Gallery, Wsn Knowledge Base, Wsn Links.