CVE-2008-4319
Libra PHP File Manager 1.18/2.0 - Local File Inclusion
Severity Score
6.4
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
3
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
fileadmin.php in Libra File Manager (aka Libra PHP File Manager) 1.18 and earlier allows remote attackers to bypass authentication, and read arbitrary files, modify arbitrary files, and list arbitrary directories, by inserting certain user and isadmin parameters in the query string.
El módulo fileadmin.php en Libra File Manager (también conocido como Libra PHP File Manager) v1.18 y anteriores permite a atacantes remotos evitar la autenticación, leer ficheros arbitrarios, modificar ficheros arbitrarios y listar el contenido de directorios arbitrarios, al insertar ciertos parámetros "user" e "isadmin" en la cadena de consulta.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2008-09-29 CVE Reserved
- 2008-09-29 CVE Published
- 2024-08-07 CVE Updated
- 2024-08-07 First Exploit
- 2024-08-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-287: Improper Authentication
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/45423 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/6567 | 2024-08-07 | |
| http://www.securityfocus.com/archive/1/496742 | 2024-08-07 | |
| http://www.securityfocus.com/bid/31415 | 2024-08-07 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Libra File Manager Search vendor "Libra File Manager" | Php Filemanager Search vendor "Libra File Manager" for product "Php Filemanager" | <= 1.18 Search vendor "Libra File Manager" for product "Php Filemanager" and version " <= 1.18" | - |
Affected
| ||||||
| Libra File Manager Search vendor "Libra File Manager" | Php Filemanager Search vendor "Libra File Manager" for product "Php Filemanager" | 1.00 Search vendor "Libra File Manager" for product "Php Filemanager" and version "1.00" | - |
Affected
| ||||||
| Libra File Manager Search vendor "Libra File Manager" | Php Filemanager Search vendor "Libra File Manager" for product "Php Filemanager" | 1.03 Search vendor "Libra File Manager" for product "Php Filemanager" and version "1.03" | - |
Affected
| ||||||
| Libra File Manager Search vendor "Libra File Manager" | Php Filemanager Search vendor "Libra File Manager" for product "Php Filemanager" | 1.05 Search vendor "Libra File Manager" for product "Php Filemanager" and version "1.05" | - |
Affected
| ||||||
| Libra File Manager Search vendor "Libra File Manager" | Php Filemanager Search vendor "Libra File Manager" for product "Php Filemanager" | 1.08 Search vendor "Libra File Manager" for product "Php Filemanager" and version "1.08" | - |
Affected
| ||||||
| Libra File Manager Search vendor "Libra File Manager" | Php Filemanager Search vendor "Libra File Manager" for product "Php Filemanager" | 1.17 Search vendor "Libra File Manager" for product "Php Filemanager" and version "1.17" | - |
Affected
| ||||||