Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2008-2650

EPSS 2.00% · P84
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2008-2650

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Directory traversal vulnerability in cmsimple/cms.php in CMSimple 3.1, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sl parameter to index.php. NOTE: this can be leveraged for remote file execution by including adm.php and then invoking the upload action. NOTE: on 20080601, the vendor patched 3.1 without changing the version number.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
CMSimple index.php 目录遍历和输入验证错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
CMSimple是丹麦软件开发者Peter Andreas Harteg所研发的一套基于PHP的小型网站内容管理工具。该工具支持所见即所得编辑器、文件自动备份和多种语言等。 CMSimple的index.php脚本中没有正确地过滤对sl参数的输入便用于包含本地文件;index.php脚本没有正确地限制对登录用户的访问,可能导致上传任意文件并执行任意PHP代码。成功利用这些漏洞要求打开了register_globals。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2008-2650

#POC DescriptionSource LinkShenlong Link
1CMSimple 3.1 is susceptible to local file inclusion via cmsimple/cms.php when register_globals is enabled which allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sl parameter to index.php. NOTE: this can be leveraged for remote file execution by including adm.php and then invoking the upload action. NOTE: on 20080601, the vendor patched 3.1 without changing the version number. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2008/CVE-2008-2650.yamlPOC Details
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2008-2650

登录查看更多情报信息。

Same Patch Batch · n/a · 2008-06-10 · 33 CVEs total

CVE-2008-2652Smeweb catalog.php 多个SQL注入漏洞
CVE-2008-26381Book guestbook.php 静态代码注入漏洞
CVE-2008-2637F5 FirePass SSL VPN 多个跨站脚本漏洞
CVE-2008-2636Cisco Linksys_wrh54g_router HTTP服务器拒绝服务攻击漏洞
CVE-2008-2635Barad_dur Bitkinex 多个目录遍历漏洞
CVE-2008-2634bearriver i-pos_internet_pay_online_store index.asp SQL注入漏洞
CVE-2008-2633Joomla!/Mambo JoomRadio 组件多个SQL注入漏洞
CVE-2008-2632Joomla acctexp组件 index.php SQL注入漏洞
CVE-2008-2631Alt-N Technologies MDaemon WordClient界面拒绝服务攻击漏洞
CVE-2008-2630Joomla Com_jb2组件 index.php CategoryID参数SQL注入漏洞
CVE-2008-2629Drupal LifeType模块 index.php albumId参数SQL注入漏洞
CVE-2008-2628Joomla eQuotes组件index.php SQL注入漏洞
CVE-2008-2627joomla com_idoblog组件 index.php SQL注入漏洞
CVE-2008-2626battleblog comment.asp SQL注入漏洞
CVE-2008-2358Linux Kernel DCCP 子系统 net/dccp/feat.c 整数溢出漏洞
CVE-2008-1673Linux kernel 缓冲区错误漏洞
CVE-2008-0960Net-SNMP认证绕过漏洞
CVE-2008-2651Joomla Com_joobb组件 index.php SQL注入漏洞
CVE-2008-2649Don3 DesktopOnNet 多个PHP远程文件包含漏洞
CVE-2008-2648meBiblio upload/uploader.html 未限制文件上传漏洞

Showing top 20 of 33 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2008-2650

No comments yet

Leave a comment