Vulnerability Description
Multiple directory traversal vulnerabilities in index.php in Dayfox Blog 4 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) p, (2) cat, and (3) archive parameters. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dayfox Designs | Dayfox Blog | 4 |
Related Weaknesses (CWE)
References
- http://securityreason.com/securityalert/4122
- http://www.securityfocus.com/bid/30538
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44203
- https://www.exploit-db.com/exploits/6203
- http://securityreason.com/securityalert/4122
- http://www.securityfocus.com/bid/30538
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44203
- https://www.exploit-db.com/exploits/6203
FAQ
What is CVE-2008-3564?
CVE-2008-3564 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple directory traversal vulnerabilities in index.php in Dayfox Blog 4 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) p, (2) cat, and (3) archive...
How severe is CVE-2008-3564?
CVE-2008-3564 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-3564?
Check the references section above for vendor advisories and patch information. Affected products include: Dayfox Designs Dayfox Blog.