7.5

CVE-2008-5186

The set_language_path function in geshi.php in Generic Syntax Highlighter (GeSHi) before 1.0.8.1 might allow remote attackers to conduct file inclusion attacks via crafted inputs that influence the default language path ($path variable).  NOTE: this issue has been disputed by a vendor, stating that only a static value is used, so this is not a vulnerability in GeSHi. Separate CVE identifiers would be created for web applications that integrate GeSHi in a way that allows control of the default language path
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GeshiGeshi Version <= 1.0.8
GeshiGeshi Version1.0.0
GeshiGeshi Version1.0.1
GeshiGeshi Version1.0.2
GeshiGeshi Version1.0.2_beta_1
GeshiGeshi Version1.0.3
GeshiGeshi Version1.0.4
GeshiGeshi Version1.0.5
GeshiGeshi Version1.0.6
GeshiGeshi Version1.0.7
GeshiGeshi Version1.0.7.1
GeshiGeshi Version1.0.7.2
GeshiGeshi Version1.0.7.3
GeshiGeshi Version1.0.7.4
GeshiGeshi Version1.0.7.5
GeshiGeshi Version1.0.7.6
GeshiGeshi Version1.0.7.7
GeshiGeshi Version1.0.7.8
GeshiGeshi Version1.0.7.9
GeshiGeshi Version1.0.7.10
GeshiGeshi Version1.0.7.11
GeshiGeshi Version1.0.7.12
GeshiGeshi Version1.0.7.13
GeshiGeshi Version1.0.7.14
GeshiGeshi Version1.0.7.15
GeshiGeshi Version1.0.7.16
GeshiGeshi Version1.0.7.17
GeshiGeshi Version1.0.7.18
GeshiGeshi Version1.0.7.19
GeshiGeshi Version1.0.7.20
GeshiGeshi Version1.0.7.21
GeshiGeshi Version1.0.7.22
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.92% 0.752
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.