CVE-2008-6361

Directory traversal vulnerability in index.php in InSun Feed CMS 1.7.3 19Beta allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the lang parameter.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.securityfocus.com/bid/32783	Exploit
http://www.securityfocus.com/bid/32783/exploit	Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/47276
https://www.exploit-db.com/exploits/7422
http://www.securityfocus.com/bid/32783	Exploit
http://www.securityfocus.com/bid/32783/exploit	Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/47276
https://www.exploit-db.com/exploits/7422

Configurations

Configuration 1 (hide)

cpe:2.3:a:insun_podcast:feedcms:1.7.3_19beta:*:*:*:*:*:*:*

History

No history.

Information

Published : 2009-03-02 16:30

Updated : 2025-04-09 00:30

NVD link : CVE-2008-6361

Mitre link : CVE-2008-6361

CVE.ORG link : CVE-2008-6361

JSON object : View

Products Affected

insun_podcast

feedcms

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2008-6361", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2009-03-02T16:30:00.610", "references": [{"url": "http://www.securityfocus.com/bid/32783", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/32783/exploit", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47276", "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/7422", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/32783", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/32783/exploit", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47276", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.exploit-db.com/exploits/7422", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in index.php in InSun Feed CMS 1.7.3 19Beta allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the lang parameter."}, {"lang": "es", "value": "Vulnerabilidad de salto de directorio en archivo index.php en InSun Feed CMS versi\u00f3n 1.7.3 19Beta, permite a los atacantes remotos incluir y ejecutar archivos locales arbitrarios por medio de secuencias de salto de directorio en el par\u00e1metro lang."}], "lastModified": "2025-04-09T00:30:58.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:insun_podcast:feedcms:1.7.3_19beta:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DC6D379F-48FA-43A2-AFCC-D1AA63784B55"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}