5

CVE-2008-0466

EPSS 12.28%
Veröffentlicht 29.01.2008 00:00:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Web Wiz RTE_file_browser.asp in, as used in Web Wiz Rich Text Editor 4.0, Web Wiz Forums 9.07, and Web Wiz Newspad 1.02, does not require authentication, which allows remote attackers to list directories and read files.  NOTE: this can be leveraged for listings outside the configured directory tree by exploiting a separate directory traversal vulnerability.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 13

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Webwiz ≫ Web Wiz Forums Version9.07

Webwiz ≫ Web Wiz Newspad Version1.02

Webwiz ≫ Web Wiz Rich Text Editor Version4.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	12.28%	0.936

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

http://securityreason.com/securityalert/3584

http://securitytracker.com/id?1019267

http://www.bugreport.ir/?/29

http://www.bugreport.ir/?/31

http://www.securityfocus.com/archive/1/486866/100/0/threaded

http://www.securityfocus.com/archive/1/486868/100/0/threaded

http://www.securityfocus.com/bid/27419

http://www.webwizguide.com/webwizrichtexteditor/kb/release_notes.asp

https://www.exploit-db.com/exploits/4970

https://www.exploit-db.com/exploits/4971

https://nvd.nist.gov/vuln/detail/CVE-2008-0466

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-0466

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-0466

EUVD