CVE-2008-3312

Directory traversal vulnerability in lemon_includes/FCKeditor/editor/filemanager/browser/browser.php in Lemon CMS 1.10 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the dir parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this might be an issue in FCKeditor.

Published: Jul 25, 2008
Updated: Apr 13, 2023
CVE: CVE-2008-3312
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-22

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
lemoncms / lemon_cms	1.10	1.10.x

http://www.securityfocus.com/bid/30285
http://www.securityfocus.com/bid/30285/exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/43907

Vulnerability Database

289,871

CVE-2008-3312