6.4
CVE-2008-4319
- EPSS 2.3%
- Veröffentlicht 29.09.2008 19:25:35
- Zuletzt bearbeitet 16.06.2026 22:57:35
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Loginfileadmin.php in Libra File Manager (aka Libra PHP File Manager) 1.18 and earlier allows remote attackers to bypass authentication, and read arbitrary files, modify arbitrary files, and list arbitrary directories, by inserting certain user and isadmin parameters in the query string.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Libra File Manager ≫ Php Filemanager Version <= 1.18
Libra File Manager ≫ Php Filemanager Version1.00
Libra File Manager ≫ Php Filemanager Version1.03
Libra File Manager ≫ Php Filemanager Version1.05
Libra File Manager ≫ Php Filemanager Version1.08
Libra File Manager ≫ Php Filemanager Version1.17
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.3% | 0.811 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.4 | 10 | 4.9 |
AV:N/AC:L/Au:N/C:P/I:P/A:N
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
http://www.securityfocus.com/archive/1/496742
http://www.securityfocus.com/bid/31415
https://exchange.xforce.ibmcloud.com/vulnerabilities/45423
https://www.exploit-db.com/exploits/6567