CVE-2008-3926 - OpenCVE

Multiple directory traversal vulnerabilities in Content Management Made Easy (CMME) 1.12 allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the env parameter in a weblog action to index.php, or (2) create arbitrary directories via a .. (dot dot) in the env parameter in a login action to admin.php.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Hans Oesterholt	Cmme

Configuration 1 [-]

cpe:2.3:a:hans_oesterholt:cmme:1.12:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://secunia.com/advisories/31599
http://securityreason.com/securityalert/4220
http://www.securityfocus.com/bid/30854
https://exchange.xforce.ibmcloud.com/vulnerabilities/44683
https://exchange.xforce.ibmcloud.com/vulnerabilities/44687
https://www.exploit-db.com/exploits/6313

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-09-04T18:00:00

Updated: 2024-08-07T10:00:41.142Z

Reserved: 2008-09-04T00:00:00

Link: CVE-2008-3926

Vulnrichment

No data.

NVD

Status : Modified

Published: 2008-09-04T18:41:00.000

Modified: 2017-09-29T01:31:54.697

Link: CVE-2008-3926

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-08-26T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple directory traversal vulnerabilities in Content Management Made Easy (CMME) 1.12 allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the env parameter in a weblog action to index.php, or (2) create arbitrary directories via a .. (dot dot) in the env parameter in a login action to admin.php."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "cmme-env-file-include(44683)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44683"}, {"name": "31599", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/31599"}, {"name": "30854", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/30854"}, {"name": "4220", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/4220"}, {"name": "cmme-admin-directory-traversal(44687)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44687"}, {"name": "6313", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/6313"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-3926", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple directory traversal vulnerabilities in Content Management Made Easy (CMME) 1.12 allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the env parameter in a weblog action to index.php, or (2) create arbitrary directories via a .. (dot dot) in the env parameter in a login action to admin.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "cmme-env-file-include(44683)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44683"}, {"name": "31599", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31599"}, {"name": "30854", "refsource": "BID", "url": "http://www.securityfocus.com/bid/30854"}, {"name": "4220", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/4220"}, {"name": "cmme-admin-directory-traversal(44687)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44687"}, {"name": "6313", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/6313"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T10:00:41.142Z"}, "title": "CVE Program Container", "references": [{"name": "cmme-env-file-include(44683)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44683"}, {"name": "31599", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/31599"}, {"name": "30854", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/30854"}, {"name": "4220", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/4220"}, {"name": "cmme-admin-directory-traversal(44687)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44687"}, {"name": "6313", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/6313"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-3926", "datePublished": "2008-09-04T18:00:00", "dateReserved": "2008-09-04T00:00:00", "dateUpdated": "2024-08-07T10:00:41.142Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hans_oesterholt:cmme:1.12:*:*:*:*:*:*:*", "matchCriteriaId": "63FA730E-6D1F-4F8B-A4CA-FF5A0B4CAC17", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple directory traversal vulnerabilities in Content Management Made Easy (CMME) 1.12 allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the env parameter in a weblog action to index.php, or (2) create arbitrary directories via a .. (dot dot) in the env parameter in a login action to admin.php."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de salto de directorio en Content Management Made Easy (CMME) 1.12, permite a atacantes remotos (1) leer archivos de su elecci\u00f3n a trav\u00e9s de .. (punto punto) en el par\u00e1metro \"env\" en una acci\u00f3n weblog al index.php o (2), crear directorios de su elecci\u00f3n a trav\u00e9s de ..(punto punto) en el par\u00e1metro \"env\" en una acci\u00f3n login en admin.php."}], "id": "CVE-2008-3926", "lastModified": "2017-09-29T01:31:54.697", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-09-04T18:41:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory"], "url": "http://secunia.com/advisories/31599"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/4220"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/30854"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44683"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44687"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/6313"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}