Vulnerability Details CVE-2008-4358
Unspecified vulnerability in class/theme.class.php in SPAW Editor PHP Edition before 2.0.8.1 has unknown impact and attack vectors, probably related to directory traversal sequences in the theme name.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 75.0%
CVSS Severity
CVSS v2 Score 10.0
References
- http://blog.solmetra.com/2008/09/10/spaw-editor-php-edition-hotfix-release/
- http://secunia.com/advisories/31796
- http://sourceforge.net/project/shownotes.php?release_id=625333&group_id=77954
- http://spaw.svn.sourceforge.net/viewvc/spaw/spaw2/trunk/class/theme.class.php?r1=151&r2=359
- http://www.securityfocus.com/bid/31185
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45104
- http://blog.solmetra.com/2008/09/10/spaw-editor-php-edition-hotfix-release/
- http://secunia.com/advisories/31796
- http://sourceforge.net/project/shownotes.php?release_id=625333&group_id=77954
- http://spaw.svn.sourceforge.net/viewvc/spaw/spaw2/trunk/class/theme.class.php?r1=151&r2=359
- http://www.securityfocus.com/bid/31185
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45104
Products affected by CVE-2008-4358
-
cpe:2.3:a:spaw_editor:spaw_php:*
-
cpe:2.3:a:spaw_editor:spaw_php:1.0
-
cpe:2.3:a:spaw_editor:spaw_php:1.0.1
-
cpe:2.3:a:spaw_editor:spaw_php:1.0.2
-
cpe:2.3:a:spaw_editor:spaw_php:1.0.3
-
cpe:2.3:a:spaw_editor:spaw_php:1.0.4
-
cpe:2.3:a:spaw_editor:spaw_php:1.0.5
-
cpe:2.3:a:spaw_editor:spaw_php:1.0.5a
-
cpe:2.3:a:spaw_editor:spaw_php:1.0.6
-
cpe:2.3:a:spaw_editor:spaw_php:1.0.7
-
cpe:2.3:a:spaw_editor:spaw_php:1.1
-
cpe:2.3:a:spaw_editor:spaw_php:1.2
-
cpe:2.3:a:spaw_editor:spaw_php:1.2.1
-
cpe:2.3:a:spaw_editor:spaw_php:1.2.2
-
cpe:2.3:a:spaw_editor:spaw_php:1.2.3
-
cpe:2.3:a:spaw_editor:spaw_php:2.0.0
-
cpe:2.3:a:spaw_editor:spaw_php:2.0.1
-
cpe:2.3:a:spaw_editor:spaw_php:2.0.2
-
cpe:2.3:a:spaw_editor:spaw_php:2.0.3
-
cpe:2.3:a:spaw_editor:spaw_php:2.0.4
-
cpe:2.3:a:spaw_editor:spaw_php:2.0.4.1
-
cpe:2.3:a:spaw_editor:spaw_php:2.0.5
-
cpe:2.3:a:spaw_editor:spaw_php:2.0.6
-
cpe:2.3:a:spaw_editor:spaw_php:2.0.7