CVE-2008-3555

Published Aug 8, 2008
Last updated a month ago
CVSS info 6.8
Overview

Description: Directory traversal vulnerability in index.php in (1) WSN Forum 4.1.43 and earlier, (2) Gallery 4.1.30 and earlier, (3) Knowledge Base (WSNKB) 4.1.36 and earlier, (4) Links 4.1.44 and earlier, and possibly (5) Classifieds before 4.1.30 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the TID parameter, as demonstrated by uploading a .jpg file containing PHP sequences.
Source: cve@mitre.org
NVD status: Deferred
Risk scores

CVSS 2.0

Type: Primary
Base score: 6.8
Impact score: 6.4
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:P
Weaknesses

nvd@nist.gov: CWE-22
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:wsn:forum:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0C7106D8-E0FF-477E-9F02-D84B2351D302",
            "versionEndIncluding": "4.1.43"
          },
          {
            "criteria": "cpe:2.3:a:wsn:gallery:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A4C79627-FB50-4962-A650-FD352D1B6DC8",
            "versionEndIncluding": "4.1.30"
          },
          {
            "criteria": "cpe:2.3:a:wsn:knowledge_base:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CF28E434-C74C-4CCF-A5DE-649B8B8A3DF2",
            "versionEndIncluding": "4.1.36"
          },
          {
            "criteria": "cpe:2.3:a:wsn:links:4.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "760A9211-9646-406F-B7CA-438D3E0E66A2"
          },
          {
            "criteria": "cpe:2.3:a:wsn:links:4.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AC09F045-5CCF-4A62-8C69-6567CAD32EFC"
          },
          {
            "criteria": "cpe:2.3:a:wsn:links:4.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E2E3A89E-56FE-4C68-963F-3E97A48BA279"
          },
          {
            "criteria": "cpe:2.3:a:wsn:links:4.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A1706938-BBC5-4D43-99DE-86995A6FDD60"
          },
          {
            "criteria": "cpe:2.3:a:wsn:links:4.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "36BB81FF-58DF-4FAB-886A-CDF2603ED38C"
          },
          {
            "criteria": "cpe:2.3:a:wsn:links:4.0.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BD38CE7B-2E32-4DD6-AFA1-4C4DCF04F9AC"
          },
          {
            "criteria": "cpe:2.3:a:wsn:links:4.0.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "809E8844-243C-475A-A620-A942477162D7"
          },
          {
            "criteria": "cpe:2.3:a:wsn:links:4.0.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6BC3FFDD-6DC9-4FFF-AD50-030DD7BFAA2B"
          },
          {
            "criteria": "cpe:2.3:a:wsn:links:4.0.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "867CA8A2-0E8D-4824-9DD6-4878BF46078C"
          },
          {
            "criteria": "cpe:2.3:a:wsn:links:4.0.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "21819F3A-AB24-4BAF-A067-8672E825CF1B"
          },
          {
            "criteria": "cpe:2.3:a:wsn:links:4.0.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "83BF0DA3-BBC9-4CD8-9848-F9A0C30C9B58"
          },
          {
            "criteria": "cpe:2.3:a:wsn:links:4.0.11:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FB36FEB6-A7CF-4A4C-9F34-70BFF837EC5B"
          },
          {
            "criteria": "cpe:2.3:a:wsn:links:4.0.12:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8973C458-D7B2-4CE4-B481-12B680C912CA"
          },
          {
            "criteria": "cpe:2.3:a:wsn:links:4.0.13:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D0DFC0CA-571A-4C59-A960-89A6B9F0F5C4"
          },
          {
            "criteria": "cpe:2.3:a:wsn:links:4.0.14:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2BC0166C-6854-47EC-B324-54ED7A0B2F9F"
          },
          {
            "criteria": "cpe:2.3:a:wsn:links:4.0.15:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0ADF5900-FA60-497F-844B-F9380C93F534"
          },
          {
            "criteria": "cpe:2.3:a:wsn:links:4.0.16:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EC6BC3E1-1B05-4FD6-90DB-FF8C98CAAF18"
          },
          {
            "criteria": "cpe:2.3:a:wsn:links:4.0.17:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7D434EC2-F855-4E29-8B97-76683E361812"
          },
          {
            "criteria": "cpe:2.3:a:wsn:links:4.0.18:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4D10BA0D-A3E9-439D-AE51-2DAEF9F3F805"
          },
          {
            "criteria": "cpe:2.3:a:wsn:links:4.0.19:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "531C65A9-78C2-4883-8276-750A61A8693A"
          },
          {
            "criteria": "cpe:2.3:a:wsn:links:4.0.20:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C3F14F11-74D9-4228-91DF-515E939D0884"
          },
          {
            "criteria": "cpe:2.3:a:wsn:links:4.0.21:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3B7587AE-9D5D-45B4-B1DA-62C4E5B07B1B"
          },
          {
            "criteria": "cpe:2.3:a:wsn:links:4.0.22:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9539DC5B-A109-4111-BF20-22008B8F402D"
          },
          {
            "criteria": "cpe:2.3:a:wsn:links:4.0.23:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C3F7DBDF-52CD-470A-A2E8-F3C1BB4160A8"
          },
          {
            "criteria": "cpe:2.3:a:wsn:links:4.0.24:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B92F0373-01B6-44F7-A0B6-1EEC24FC9B02"
          },
          {
            "criteria": "cpe:2.3:a:wsn:links:4.0.25:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "07B0EFD6-EBDE-48A3-906A-BD2C2414F3D6"
          },
          {
            "criteria": "cpe:2.3:a:wsn:links:4.0.26:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2C3A5027-0511-4F76-A22B-578699D28EC8"
          },
          {
            "criteria": "cpe:2.3:a:wsn:links:4.0.27:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "579C5A69-EFB9-49A9-B8CF-4D3EFF51E870"
          },
          {
            "criteria": "cpe:2.3:a:wsn:links:4.0.28:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E51D9921-F78D-490E-BA06-98040A614829"
          },
          {
            "criteria": "cpe:2.3:a:wsn:links:4.0.29:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "88A2B713-04BE-445E-B142-1E57E700F389"
          },
          {
            "criteria": "cpe:2.3:a:wsn:links:4.0.30:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0DDECBE5-F7AC-4FCD-A83C-0E16CE5597DD"
          },
          {
            "criteria": "cpe:2.3:a:wsn:links:4.0.31:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B8C5F96E-98B3-4F37-8D0F-A3801451172C"
          },
          {
            "criteria": "cpe:2.3:a:wsn:links:4.0.32:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "00EE6124-1BBA-4A42-8B4B-8B457746499A"
          },
          {
            "criteria": "cpe:2.3:a:wsn:links:4.0.33:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "158808D7-1A89-4337-A205-78DF76E3941E"
          },
          {
            "criteria": "cpe:2.3:a:wsn:links:4.0.34:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9F2E27C8-A458-4297-B9CF-3BED317074A2"
          },
          {
            "criteria": "cpe:2.3:a:wsn:links:4.0.35:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "719D9D0F-79E0-4EC8-83BE-040CE14823B8"
          },
          {
            "criteria": "cpe:2.3:a:wsn:links:4.0.36:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B2DD1347-113E-460F-BF62-5EC7A2127D24"
          },
          {
            "criteria": "cpe:2.3:a:wsn:links:4.0.37:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "56671280-D2E9-4EC5-A157-C7E3F14BD22D"
          },
          {
            "criteria": "cpe:2.3:a:wsn:links:4.0.38:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "47F8BA81-6F96-496D-A697-BB8ABE1C1235"
          },
          {
            "criteria": "cpe:2.3:a:wsn:links:4.0.39:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "75B59770-F49B-423A-AF42-30498B56B782"
          },
          {
            "criteria": "cpe:2.3:a:wsn:links:4.0.40:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B2476C3B-E58D-4808-BA97-9B4A4A0CAB87"
          },
          {
            "criteria": "cpe:2.3:a:wsn:links:4.0.41:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "49D6910C-F49D-4A95-B703-32C810A404D3"
          },
          {
            "criteria": "cpe:2.3:a:wsn:links:4.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3729CCBC-41C6-415A-8F0F-1C0101CF1511"
          },
          {
            "criteria": "cpe:2.3:a:wsn:links:4.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F177F867-3AEB-4DF9-A9AF-0D0284A85762"
          },
          {
            "criteria": "cpe:2.3:a:wsn:links:4.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8C70248B-29BC-40D0-89A6-7CBAF65E84A8"
          },
          {
            "criteria": "cpe:2.3:a:wsn:links:4.1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "97D5B9CD-828D-404B-BD46-38BFA1FF1F97"
          },
          {
            "criteria": "cpe:2.3:a:wsn:links:4.1.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "01B5E2AD-AE16-49FD-B245-8E16D16E2BB0"
          },
          {
            "criteria": "cpe:2.3:a:wsn:links:4.1.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0805C33B-AE85-4D65-86A0-9327071D51D6"
          },
          {
            "criteria": "cpe:2.3:a:wsn:links:4.1.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3B691B9F-AE88-452B-9F2D-3662A9BD3FBB"
          },
          {
            "criteria": "cpe:2.3:a:wsn:links:4.1.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ED698DE4-0B2A-4D2F-ADB2-2D4B95153008"
          },
          {
            "criteria": "cpe:2.3:a:wsn:links:4.1.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8D01DADB-9F4D-4757-9CEF-CD69F10B1AE3"
          },
          {
            "criteria": "cpe:2.3:a:wsn:links:4.1.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A6018F94-326C-4AC3-8872-37988D3D8D39"
          },
          {
            "criteria": "cpe:2.3:a:wsn:links:4.1.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "15B79206-A902-4B5A-BD81-EBEBD667B86E"
          },
          {
            "criteria": "cpe:2.3:a:wsn:links:4.1.11:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1C0C1EE1-5BC8-4923-92F1-5211EF3CF783"
          },
          {
            "criteria": "cpe:2.3:a:wsn:links:4.1.12:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "76E72AED-661F-448D-AD5A-5C991C5C91BC"
          },
          {
            "criteria": "cpe:2.3:a:wsn:links:4.1.13:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "84CB8AD7-1FD6-4699-9025-101DBE7C802A"
          },
          {
            "criteria": "cpe:2.3:a:wsn:links:4.1.14:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D90EFAEB-2179-4254-9DE0-D158F3A5693B"
          },
          {
            "criteria": "cpe:2.3:a:wsn:links:4.1.15:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E99BB789-5B84-455B-8051-2C30A0A475FC"
          },
          {
            "criteria": "cpe:2.3:a:wsn:links:4.1.16:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "85F49273-5205-400F-A497-90D68405E29A"
          },
          {
            "criteria": "cpe:2.3:a:wsn:links:4.1.17:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "26B2BCC9-E130-4272-9675-E1C5B8FCFB7A"
          },
          {
            "criteria": "cpe:2.3:a:wsn:links:4.1.18:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3A6427E0-7464-4714-8857-9017B2466D47"
          },
          {
            "criteria": "cpe:2.3:a:wsn:links:4.1.19:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B313BB95-2D0B-48BA-9E14-95583E418647"
          },
          {
            "criteria": "cpe:2.3:a:wsn:links:4.1.20:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2A24DA00-A4E9-4B08-AE83-A2F075717268"
          },
          {
            "criteria": "cpe:2.3:a:wsn:links:4.1.21:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CF3F6764-940E-455C-830F-BE102A1488C1"
          },
          {
            "criteria": "cpe:2.3:a:wsn:links:4.1.22:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "59B8A7BC-2B25-456E-B399-55BE2A555AFA"
          },
          {
            "criteria": "cpe:2.3:a:wsn:links:4.1.23:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8C832715-0D32-4BDC-9E3F-336CC7C987BD"
          },
          {
            "criteria": "cpe:2.3:a:wsn:links:4.1.24:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7D1FCD19-EC28-4EB6-8ED5-719ECAA77FA3"
          },
          {
            "criteria": "cpe:2.3:a:wsn:links:4.1.25:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D89DD06E-8791-4027-AAE9-5E2566094C0E"
          },
          {
            "criteria": "cpe:2.3:a:wsn:links:4.1.26:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D86C4C4C-ED32-4489-9C1B-163E95CD7F5F"
          },
          {
            "criteria": "cpe:2.3:a:wsn:links:4.1.27:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "969C429D-EC80-4F31-ABF2-CF0019EB8673"
          },
          {
            "criteria": "cpe:2.3:a:wsn:links:4.1.28:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DE2EF4DD-34B8-4382-9BD1-E8F35C24F828"
          },
          {
            "criteria": "cpe:2.3:a:wsn:links:4.1.29:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "04C80364-7B20-4C97-8036-0B18F2213D31"
          },
          {
            "criteria": "cpe:2.3:a:wsn:links:4.1.30:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1F58E2F9-38CA-4948-8EDB-A8D1CCB4B683"
          },
          {
            "criteria": "cpe:2.3:a:wsn:links:4.1.31:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CF4A1F88-D24A-4862-ADD2-55D57D699052"
          },
          {
            "criteria": "cpe:2.3:a:wsn:links:4.1.32:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A45B1611-192F-41EA-AF41-ACED2FD6E864"
          },
          {
            "criteria": "cpe:2.3:a:wsn:links:4.1.33:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FD936A53-113B-4BDE-BEFA-BD2DA76F5C31"
          },
          {
            "criteria": "cpe:2.3:a:wsn:links:4.1.34:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E99FF20E-68D9-4A9E-B014-EA1B47B0158D"
          },
          {
            "criteria": "cpe:2.3:a:wsn:links:4.1.35:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1D3ABB00-E8DE-41BF-B6F5-09CD2A5A2ED1"
          },
          {
            "criteria": "cpe:2.3:a:wsn:links:4.1.36:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2DCA2630-95A0-4EB9-9DD3-80952B8833D0"
          },
          {
            "criteria": "cpe:2.3:a:wsn:links:4.1.37:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D6E1F153-023B-4296-8CBD-C41D941E5E4F"
          },
          {
            "criteria": "cpe:2.3:a:wsn:links:4.1.38:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "84C8B5B8-16E0-4E21-BD15-9FBCECFECB3F"
          },
          {
            "criteria": "cpe:2.3:a:wsn:links:4.1.39:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "04B3717A-8055-4736-A168-33213D65A3EC"
          },
          {
            "criteria": "cpe:2.3:a:wsn:links:4.1.40:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4B07C23B-253D-4C98-A53D-549CB759257B"
          },
          {
            "criteria": "cpe:2.3:a:wsn:links:4.1.41:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4AA23ADB-1B18-4CC2-ADD3-7BC3E062234E"
          },
          {
            "criteria": "cpe:2.3:a:wsn:links:4.1.42:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2AB8C1C0-102B-40EC-A392-957F4DCE4A9C"
          },
          {
            "criteria": "cpe:2.3:a:wsn:links:4.1.43:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7959131D-FFFF-4423-AE12-6ED0AE4E13D3"
          },
          {
            "criteria": "cpe:2.3:a:wsn:links:4.1.44:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B089BA1F-BAD2-4E2C-9A91-D227A18CA788"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]
References

Sources include official advisories and independent security research.
Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References
