Vulnerability CVE-2008-4319


Published: 2008-09-29   Modified: 2012-02-12

Description:
fileadmin.php in Libra File Manager (aka Libra PHP File Manager) 1.18 and earlier allows remote attackers to bypass authentication, and read arbitrary files, modify arbitrary files, and list arbitrary directories, by inserting certain user and isadmin parameters in the query string.

Type:

CWE-287

(Improper Authentication)

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.4/10
4.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
None
Affected software
Libra file manager -> Php filemanager 

 References:
http://xforce.iss.net/xforce/xfdb/45423
http://www.securityfocus.com/bid/31415
http://www.securityfocus.com/archive/1/496742
http://www.milw0rm.com/exploits/6567

Copyright 2024, cxsecurity.com

 

Back to Top