CVE-2008-1856 - OpenCVE

plugins/maps/db_handler.php in LinPHA 1.3.3 and earlier does not require authentication for a settings action that modifies the configuration file, which allows remote attackers to conduct directory traversal attacks and execute arbitrary local files by placing directory traversal sequences into the maps_type configuration setting, and then sending a request to maps_view.php, which causes plugins/maps/map.main.class.php to use the modified configuration.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:H/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linpha	Linpha

Configuration 1 [-]

OR	cpe:2.3:a:linpha:linpha::::::::
	cpe:2.3:a:linpha:linpha:0.9.0:::::::*
	cpe:2.3:a:linpha:linpha:0.9.1:::::::*
	cpe:2.3:a:linpha:linpha:0.9.2:::::::*
	cpe:2.3:a:linpha:linpha:0.9.3:::::::*
	cpe:2.3:a:linpha:linpha:0.9.4:::::::*
	cpe:2.3:a:linpha:linpha:1.0:beta1::::::
	cpe:2.3:a:linpha:linpha:1.0:beta2::::::
	cpe:2.3:a:linpha:linpha:1.0:beta3::::::
	cpe:2.3:a:linpha:linpha:1.0:rc1::::::
	cpe:2.3:a:linpha:linpha:1.1.0:::::::*
	cpe:2.3:a:linpha:linpha:1.1.1:::::::*
	cpe:2.3:a:linpha:linpha:1.2.0:::::::*
	cpe:2.3:a:linpha:linpha:1.3.0:::::::*
	cpe:2.3:a:linpha:linpha:1.3.1:::::::*
	cpe:2.3:a:linpha:linpha:1.3.2:::::::*

No data.

References

Link	Providers
http://secunia.com/advisories/29724
http://sourceforge.net/project/shownotes.php?release_id=595725
http://www.osvdb.org/50229
http://www.securityfocus.com/bid/28654
http://www.vupen.com/english/advisories/2008/1136
https://exchange.xforce.ibmcloud.com/vulnerabilities/41676
https://www.exploit-db.com/exploits/5392

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-04-16T19:00:00

Updated: 2024-08-07T08:40:59.408Z

Reserved: 2008-04-16T00:00:00

Link: CVE-2008-1856

Vulnrichment

No data.

NVD

Status : Modified

Published: 2008-04-16T19:05:00.000

Modified: 2017-09-29T01:30:53.507

Link: CVE-2008-1856

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-04-07T00:00:00", "descriptions": [{"lang": "en", "value": "plugins/maps/db_handler.php in LinPHA 1.3.3 and earlier does not require authentication for a settings action that modifies the configuration file, which allows remote attackers to conduct directory traversal attacks and execute arbitrary local files by placing directory traversal sequences into the maps_type configuration setting, and then sending a request to maps_view.php, which causes plugins/maps/map.main.class.php to use the modified configuration."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "linpha-mapmainclass-file-include(41676)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41676"}, {"name": "5392", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/5392"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://sourceforge.net/project/shownotes.php?release_id=595725"}, {"name": "50229", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/50229"}, {"name": "29724", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29724"}, {"name": "28654", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/28654"}, {"name": "ADV-2008-1136", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/1136"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-1856", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "plugins/maps/db_handler.php in LinPHA 1.3.3 and earlier does not require authentication for a settings action that modifies the configuration file, which allows remote attackers to conduct directory traversal attacks and execute arbitrary local files by placing directory traversal sequences into the maps_type configuration setting, and then sending a request to maps_view.php, which causes plugins/maps/map.main.class.php to use the modified configuration."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "linpha-mapmainclass-file-include(41676)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41676"}, {"name": "5392", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/5392"}, {"name": "http://sourceforge.net/project/shownotes.php?release_id=595725", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?release_id=595725"}, {"name": "50229", "refsource": "OSVDB", "url": "http://www.osvdb.org/50229"}, {"name": "29724", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29724"}, {"name": "28654", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28654"}, {"name": "ADV-2008-1136", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1136"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T08:40:59.408Z"}, "title": "CVE Program Container", "references": [{"name": "linpha-mapmainclass-file-include(41676)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41676"}, {"name": "5392", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/5392"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://sourceforge.net/project/shownotes.php?release_id=595725"}, {"name": "50229", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/50229"}, {"name": "29724", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29724"}, {"name": "28654", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/28654"}, {"name": "ADV-2008-1136", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/1136"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-1856", "datePublished": "2008-04-16T19:00:00", "dateReserved": "2008-04-16T00:00:00", "dateUpdated": "2024-08-07T08:40:59.408Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:linpha:linpha:*:*:*:*:*:*:*:*", "matchCriteriaId": "D5C3C962-F6F4-441E-9CE2-80EE8BBF1E52", "vulnerable": true}, {"criteria": "cpe:2.3:a:linpha:linpha:0.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "B2EE653B-2731-4C3E-A7D0-3465276E879C", "vulnerable": true}, {"criteria": "cpe:2.3:a:linpha:linpha:0.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "108B066B-28C1-4888-B696-78F816A89B43", "vulnerable": true}, {"criteria": "cpe:2.3:a:linpha:linpha:0.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "9113509A-C884-46F4-BE97-C49382536FE9", "vulnerable": true}, {"criteria": "cpe:2.3:a:linpha:linpha:0.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "5BD294BF-79FE-4940-B2D1-CB2506370EBB", "vulnerable": true}, {"criteria": "cpe:2.3:a:linpha:linpha:0.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "00E9B8B3-87E5-46A5-8242-04E620D54086", "vulnerable": true}, {"criteria": "cpe:2.3:a:linpha:linpha:1.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "0E05B25E-8507-4B40-AD6B-835019EF06EB", "vulnerable": true}, {"criteria": "cpe:2.3:a:linpha:linpha:1.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "C16546DA-1516-47C1-B603-34AF3DE3A9EE", "vulnerable": true}, {"criteria": "cpe:2.3:a:linpha:linpha:1.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "656D37D2-289D-49EB-AB25-D8522AB8A79C", "vulnerable": true}, {"criteria": "cpe:2.3:a:linpha:linpha:1.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "059C1787-16E2-48BA-96A2-092F58E6F53E", "vulnerable": true}, {"criteria": "cpe:2.3:a:linpha:linpha:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "A16B7211-B340-4E4E-A016-74F7596A7B2B", "vulnerable": true}, {"criteria": "cpe:2.3:a:linpha:linpha:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F06B06C9-CE7F-45A1-946E-C3D3BF843FDC", "vulnerable": true}, {"criteria": "cpe:2.3:a:linpha:linpha:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "B371E12C-9CB4-4E03-8B1E-F8A858AD5476", "vulnerable": true}, {"criteria": "cpe:2.3:a:linpha:linpha:1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4ECA9FA-1BC3-4644-8A7D-F27DE382B519", "vulnerable": true}, {"criteria": "cpe:2.3:a:linpha:linpha:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "8C616987-BB74-4781-850E-22EA77D61D21", "vulnerable": true}, {"criteria": "cpe:2.3:a:linpha:linpha:1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "27827923-6084-46C8-A7E1-94B0B4D181BA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "plugins/maps/db_handler.php in LinPHA 1.3.3 and earlier does not require authentication for a settings action that modifies the configuration file, which allows remote attackers to conduct directory traversal attacks and execute arbitrary local files by placing directory traversal sequences into the maps_type configuration setting, and then sending a request to maps_view.php, which causes plugins/maps/map.main.class.php to use the modified configuration."}, {"lang": "es", "value": "plugins/maps/db_handler.php en LinPHA 1.3.3 y anteriores no requiere autenticaci\u00f3n para una acci\u00f3n \"settings\" que modifica el fichero de configuraci\u00f3n, lo que permite a atacantes remotos llevar a cabo ataque de salto de directorio y ejecutar archivos locales de su elecci\u00f3n colocando secuencias de salto de directorio en la configuraci\u00f3n de maps_type y a continuaci\u00f3n enviando la petici\u00f3n a maps_view.php, lo que provoca que plugins/maps/map.main.class.php use la configuraci\u00f3n modificada."}], "id": "CVE-2008-1856", "lastModified": "2017-09-29T01:30:53.507", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-04-16T19:05:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/29724"}, {"source": "cve@mitre.org", "url": "http://sourceforge.net/project/shownotes.php?release_id=595725"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/50229"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/28654"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/1136"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41676"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/5392"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}, {"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}