CVE-2008-3504

Unspecified vulnerability in mask PHP File Manager (mPFM) before 2.3 has unknown impact and remote attack vectors related to "manipulation of cookies."

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://secunia.com/advisories/30833	Vendor Advisory
http://sourceforge.net/project/shownotes.php?release_id=608915
http://www.securityfocus.com/bid/29926
https://exchange.xforce.ibmcloud.com/vulnerabilities/43333

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mpfm:mask_php_file_manager::::::::
	cpe:2.3:a:mpfm:mask_php_file_manager::a::::::*
	cpe:2.3:a:mpfm:mask_php_file_manager::c::::::*
	cpe:2.3:a:mpfm:mask_php_file_manager::d::::::*
	cpe:2.3:a:mpfm:mask_php_file_manager:1.0:::::::*
	cpe:2.3:a:mpfm:mask_php_file_manager:1.1:a::::::
	cpe:2.3:a:mpfm:mask_php_file_manager:1.2:::::::*
	cpe:2.3:a:mpfm:mask_php_file_manager:1.3:::::::*
	cpe:2.3:a:mpfm:mask_php_file_manager:1.4:::::::*
	cpe:2.3:a:mpfm:mask_php_file_manager:1.5:::::::*
	cpe:2.3:a:mpfm:mask_php_file_manager:1.6:::::::*
	cpe:2.3:a:mpfm:mask_php_file_manager:2.1:::::::*

History

No history.

Information

Published : 2008-08-06 18:41

Updated : 2017-08-08 01:31

NVD link : CVE-2008-3504

Mitre link : CVE-2008-3504

CVE.ORG link : CVE-2008-3504

JSON object : View

Products Affected

mpfm

mask_php_file_manager

CWE

CWE-287

Improper Authentication

{"id": "CVE-2008-3504", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": true, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2008-08-06T18:41:00.000", "references": [{"url": "http://secunia.com/advisories/30833", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://sourceforge.net/project/shownotes.php?release_id=608915", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/29926", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43333", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in mask PHP File Manager (mPFM) before 2.3 has unknown impact and remote attack vectors related to \"manipulation of cookies.\""}, {"lang": "es", "value": "Vulnerabilidad no especificada en Mask PHP File Manager (mPFM) versiones anteriores a 2.3 tiene un impacto y vectores de ataque remotos desconocidos ralacionados con \"manipulaci\u00f3n de cookies\""}], "lastModified": "2017-08-08T01:31:56.233", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mpfm:mask_php_file_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C7F8D3A5-25A6-4D4B-8ED7-22598D25123C", "versionEndIncluding": "2.2"}, {"criteria": "cpe:2.3:a:mpfm:mask_php_file_manager:*:a:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "93BD6144-64EC-4F62-9E03-8EE02B7914CA", "versionEndIncluding": "2.2"}, {"criteria": "cpe:2.3:a:mpfm:mask_php_file_manager:*:c:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1ADD7339-AB91-4C53-B98A-6C5B441413A1", "versionEndIncluding": "2.2"}, {"criteria": "cpe:2.3:a:mpfm:mask_php_file_manager:*:d:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B88CBC22-08C0-4C56-83F1-F04A3F99E22F", "versionEndIncluding": "2.2"}, {"criteria": "cpe:2.3:a:mpfm:mask_php_file_manager:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1B19D1B5-305F-4DB4-886F-00A5099E5928"}, {"criteria": "cpe:2.3:a:mpfm:mask_php_file_manager:1.1:a:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AFF10372-2A42-49E7-B4BC-61B5EC98B6BB"}, {"criteria": "cpe:2.3:a:mpfm:mask_php_file_manager:1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7D1D42BE-988D-4DE6-ACD1-3BFD174ECA61"}, {"criteria": "cpe:2.3:a:mpfm:mask_php_file_manager:1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5BF6A201-E395-4786-9148-7256FB9F139B"}, {"criteria": "cpe:2.3:a:mpfm:mask_php_file_manager:1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ACAE72C6-6D0E-4D68-810B-839FA3B94CC5"}, {"criteria": "cpe:2.3:a:mpfm:mask_php_file_manager:1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BE88CF08-D77E-4BA8-B4E2-13D6FF76AAF9"}, {"criteria": "cpe:2.3:a:mpfm:mask_php_file_manager:1.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "235639C0-E120-4EAC-9DB6-1FE828DA8D3B"}, {"criteria": "cpe:2.3:a:mpfm:mask_php_file_manager:2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1313A3D0-BBF7-41AA-BD60-1E1010471A3A"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}