CVE-2008-4319

Libra PHP File Manager 1.18/2.0 - Local File Inclusion

  • Severity Score: 6.4 (CVSS v2)
  • Public Exploits: 3 (Multiple Sources)
  • Exploited in Wild: - (KEV)
  • Decision: - (SSVC)

Descriptions

fileadmin.php in Libra File Manager (aka Libra PHP File Manager) 1.18 and earlier allows remote attackers to bypass authentication, and read arbitrary files, modify arbitrary files, and list arbitrary directories, by inserting certain user and isadmin parameters in the query string.

*Credits: N/A
CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: Low
  • Authentication: None
  • Confidentiality: Partial
  • Integrity: Partial
  • Availability: None
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2008-09-29 CVE Reserved
  • 2008-09-29 CVE Published
  • 2024-08-07 CVE Updated
  • 2024-08-07 First Exploit
  • 2024-08-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-287: Improper Authentication
CAPEC
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
Libra File Manager | Php Filemanager | <= 1.18 | - | Affected
Libra File Manager | Php Filemanager | 1.00 | - | Affected
Libra File Manager | Php Filemanager | 1.03 | - | Affected
Libra File Manager | Php Filemanager | 1.05 | - | Affected
Libra File Manager | Php Filemanager | 1.08 | - | Affected
Libra File Manager | Php Filemanager | 1.17 | - | Affected