6.4
CVE-2008-4319
- EPSS 3.37%
- Veröffentlicht 29.09.2008 19:25:35
- Zuletzt bearbeitet 09.04.2025 00:30:58
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Loginfileadmin.php in Libra File Manager (aka Libra PHP File Manager) 1.18 and earlier allows remote attackers to bypass authentication, and read arbitrary files, modify arbitrary files, and list arbitrary directories, by inserting certain user and isadmin parameters in the query string.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Libra File Manager ≫ Php Filemanager Version <= 1.18
Libra File Manager ≫ Php Filemanager Version1.00
Libra File Manager ≫ Php Filemanager Version1.03
Libra File Manager ≫ Php Filemanager Version1.05
Libra File Manager ≫ Php Filemanager Version1.08
Libra File Manager ≫ Php Filemanager Version1.17
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.37% | 0.87 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.4 | 10 | 4.9 |
AV:N/AC:L/Au:N/C:P/I:P/A:N
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.