Vulnerability Description
Multiple directory traversal vulnerabilities in PHP Web Explorer 0.99b and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) refer parameter to main.php and the (2) file parameter to edit.php.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Php Web Explorer | Php Web Explorer Lite | <= 0.99b |
Related Weaknesses (CWE)
References
- http://marc.info/?l=bugtraq&m=122332154511973&w=2
- http://securityreason.com/securityalert/4371
- http://www.securityfocus.com/bid/31595
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45691
- http://marc.info/?l=bugtraq&m=122332154511973&w=2
- http://securityreason.com/securityalert/4371
- http://www.securityfocus.com/bid/31595
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45691
FAQ
What is CVE-2008-4499?
CVE-2008-4499 is a vulnerability with a CVSS score of 9.3 (HIGH). Multiple directory traversal vulnerabilities in PHP Web Explorer 0.99b and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) refer parameter to ...
How severe is CVE-2008-4499?
CVE-2008-4499 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-4499?
Check the references section above for vendor advisories and patch information. Affected products include: Php Web Explorer Php Web Explorer Lite.