5
CVE-2008-0466
- EPSS 4.93%
- Veröffentlicht 29.01.2008 00:00:00
- Zuletzt bearbeitet 16.06.2026 22:49:41
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginWeb Wiz RTE_file_browser.asp in, as used in Web Wiz Rich Text Editor 4.0, Web Wiz Forums 9.07, and Web Wiz Newspad 1.02, does not require authentication, which allows remote attackers to list directories and read files. NOTE: this can be leveraged for listings outside the configured directory tree by exploiting a separate directory traversal vulnerability.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Webwiz ≫ Web Wiz Forums Version9.07
Webwiz ≫ Web Wiz Newspad Version1.02
Webwiz ≫ Web Wiz Rich Text Editor Version4.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 4.93% | 0.91 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
http://securityreason.com/securityalert/3584
http://securitytracker.com/id?1019267
http://www.bugreport.ir/?/29
http://www.bugreport.ir/?/31
http://www.securityfocus.com/archive/1/486866/100/0/threaded
http://www.securityfocus.com/archive/1/486868/100/0/threaded
http://www.securityfocus.com/bid/27419
http://www.webwizguide.com/webwizrichtexteditor/kb/release_notes.asp
https://www.exploit-db.com/exploits/4970
https://www.exploit-db.com/exploits/4971