CVE-2008-5748

Description

Directory traversal vulnerability in plugins/spaw2/dialogs/dialog.php in BloofoxCMS 0.3.4 allows remote attackers to read arbitrary files via the (1) lang, (2) theme, and (3) module parameters.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected products

Bloofox / bloofoxCMS0.3.4 – 0.3.4

References

EXPLOIThttps://www.exploit-db.com/exploits/7580
VENDOR_ADVISORYhttp://secunia.com/advisories/33135
MISChttp://securityreason.com/securityalert/4820
MISChttp://osvdb.org/51006
MISChttp://www.securityfocus.com/bid/33013
MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/47611