CVE-2008-5186

The set_language_path function in geshi.php in Generic Syntax Highlighter (GeSHi) before 1.0.8.1 might allow remote attackers to conduct file inclusion attacks via crafted inputs that influence the default language path ($path variable).  NOTE: this issue has been disputed by a vendor, stating that only a static value is used, so this is not a vulnerability in GeSHi. Separate CVE identifiers would be created for web applications that integrate GeSHi in a way that allows control of the default language path
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 75%
VendorProductVersion
geshigeshi
𝑥
≤ 1.0.8
geshigeshi
1.0.0
geshigeshi
1.0.1
geshigeshi
1.0.2
geshigeshi
1.0.2_beta_1:_beta_1
geshigeshi
1.0.3
geshigeshi
1.0.4
geshigeshi
1.0.5
geshigeshi
1.0.6
geshigeshi
1.0.7
geshigeshi
1.0.7.1
geshigeshi
1.0.7.2
geshigeshi
1.0.7.3
geshigeshi
1.0.7.4
geshigeshi
1.0.7.5
geshigeshi
1.0.7.6
geshigeshi
1.0.7.7
geshigeshi
1.0.7.8
geshigeshi
1.0.7.9
geshigeshi
1.0.7.10
geshigeshi
1.0.7.11
geshigeshi
1.0.7.12
geshigeshi
1.0.7.13
geshigeshi
1.0.7.14
geshigeshi
1.0.7.15
geshigeshi
1.0.7.16
geshigeshi
1.0.7.17
geshigeshi
1.0.7.18
geshigeshi
1.0.7.19
geshigeshi
1.0.7.20
geshigeshi
1.0.7.21
geshigeshi
1.0.7.22
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
dokuwiki
bullseye
0.0.20180422.a-2.1
fixed
bookworm
0.0.20220731.a-2
fixed
sid
0.0.20220731.a-3
fixed
trixie
0.0.20220731.a-3
fixed
geshi
sid
1.0.9.1-1
fixed
trixie
1.0.9.1-1
fixed
bookworm
1.0.9.1-1
fixed
bullseye
1.0.9.1-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
dokuwiki
oneiric
not-affected
natty
not-affected
maverick
not-affected
lucid
not-affected
karmic
not-affected
jaunty
not-affected
intrepid
ignored
hardy
ignored
gutsy
ignored
dapper
ignored
geshi
oneiric
not-affected
natty
not-affected
maverick
not-affected
lucid
not-affected
karmic
not-affected
jaunty
not-affected
intrepid
ignored
hardy
ignored
gutsy
ignored
dapper
dne
pgfouine
oneiric
not-affected
natty
not-affected
maverick
not-affected
lucid
not-affected
karmic
not-affected
jaunty
not-affected
intrepid
ignored
hardy
ignored
gutsy
ignored
dapper
dne
Common Weakness Enumeration
References
http://osvdb.org/49488
http://secunia.com/advisories/32559
http://sourceforge.net/project/shownotes.php?release_id=637321
http://www.openwall.com/lists/oss-security/2008/11/10/8
http://www.securityfocus.com/bid/32070
https://exchange.xforce.ibmcloud.com/vulnerabilities/46271
http://osvdb.org/49488
http://secunia.com/advisories/32559
http://sourceforge.net/project/shownotes.php?release_id=637321
http://www.openwall.com/lists/oss-security/2008/11/10/8
http://www.securityfocus.com/bid/32070
https://exchange.xforce.ibmcloud.com/vulnerabilities/46271