CVE-2008-4319

EUVD-2008-4300
fileadmin.php in Libra File Manager (aka Libra PHP File Manager) 1.18 and earlier allows remote attackers to bypass authentication, and read arbitrary files, modify arbitrary files, and list arbitrary directories, by inserting certain user and isadmin parameters in the query string.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.4 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 87%
Affected Products (NVD)
VendorProductVersion
libra_file_managerphp_filemanager
𝑥
≤ 1.18
libra_file_managerphp_filemanager
1.00
libra_file_managerphp_filemanager
1.03
libra_file_managerphp_filemanager
1.05
libra_file_managerphp_filemanager
1.08
libra_file_managerphp_filemanager
1.17
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/archive/1/496742
http://www.securityfocus.com/bid/31415
https://exchange.xforce.ibmcloud.com/vulnerabilities/45423
https://www.exploit-db.com/exploits/6567
http://www.securityfocus.com/archive/1/496742
http://www.securityfocus.com/bid/31415
https://exchange.xforce.ibmcloud.com/vulnerabilities/45423
https://www.exploit-db.com/exploits/6567