Vulnerabilites related to brilaps - mostlyce
Vulnerability from fkie_nvd
Published
2009-09-11 16:30
Modified
2024-11-21 00:58
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to inject arbitrary web script or HTML via the Command parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mambo-foundation | mambo | * | |
| mambo-foundation | mambo | 4.6.2 | |
| brilaps | mostlyce | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mambo-foundation:mambo:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6D2DE818-7FEA-48ED-BD22-A8760C1F297F",
"versionEndIncluding": "4.6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mambo-foundation:mambo:4.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "97BAB160-6BB4-4535-BA60-B25303793FBD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:brilaps:mostlyce:*:*:*:*:*:*:*:*",
"matchCriteriaId": "295DA818-1660-4534-A153-2F416C66D2D0",
"versionEndIncluding": "2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to inject arbitrary web script or HTML via the Command parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php en MOStlyCE y anteriores a la v2.4, como la usada en Mambo v4.6.3 y anteriores, permite a los atacantes remotos inyectar arbitrariamente una secuencia de comandos web o HTML a trav\u00e9s del par\u00e1metro Command."
}
],
"id": "CVE-2008-7213",
"lastModified": "2024-11-21T00:58:33.427",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-09-11T16:30:00.483",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2008-02/0444.html"
},
{
"source": "cve@mitre.org",
"url": "http://forum.mambo-foundation.org/showthread.php?t=10158"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/42530"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28670"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.bugreport.ir/index_33.htm"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/487128/100/200/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/27470"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/0325"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39984"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2008-02/0444.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://forum.mambo-foundation.org/showthread.php?t=10158"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/42530"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28670"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.bugreport.ir/index_33.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/487128/100/200/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/27470"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/0325"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39984"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-09-11 16:30
Modified
2024-11-21 00:58
Severity ?
Summary
MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to obtain sensitive information via certain requests to mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php, which reveals the installation path in an error message.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mambo-foundation | mambo | * | |
| mambo-foundation | mambo | 4.6.2 | |
| brilaps | mostlyce | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mambo-foundation:mambo:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6D2DE818-7FEA-48ED-BD22-A8760C1F297F",
"versionEndIncluding": "4.6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mambo-foundation:mambo:4.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "97BAB160-6BB4-4535-BA60-B25303793FBD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:brilaps:mostlyce:*:*:*:*:*:*:*:*",
"matchCriteriaId": "295DA818-1660-4534-A153-2F416C66D2D0",
"versionEndIncluding": "2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to obtain sensitive information via certain requests to mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php, which reveals the installation path in an error message."
},
{
"lang": "es",
"value": "MOStlyCE anteriores a la v2.4, como la usada en Mambo v4.6.3 y anteriores, permiten a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de determinadas peticiones sobre mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php el cual revela el path de instalaci\u00f3n en un mensaje de error."
}
],
"id": "CVE-2008-7212",
"lastModified": "2024-11-21T00:58:33.257",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-09-11T16:30:00.453",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2008-02/0444.html"
},
{
"source": "cve@mitre.org",
"url": "http://forum.mambo-foundation.org/showthread.php?t=10158"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://osvdb.org/42529"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28670"
},
{
"source": "cve@mitre.org",
"url": "http://www.bugreport.ir/index_33.htm"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/487128/100/200/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/0325"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39983"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2008-02/0444.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://forum.mambo-foundation.org/showthread.php?t=10158"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://osvdb.org/42529"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28670"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.bugreport.ir/index_33.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/487128/100/200/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/0325"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39983"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-09-11 16:30
Modified
2024-11-21 00:58
Severity ?
Summary
The Image Manager in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to rename arbitrary files and cause a denial of service via modified file[NewFile][name], file[NewFile][tmp_name], and file[NewFile][size] parameters in a FileUpload command, which are used to modify equivalent variables in $_FILES that are accessed when the is_uploaded_file check fails.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mambo-foundation | mambo | * | |
| mambo-foundation | mambo | 4.6.2 | |
| brilaps | mostlyce | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mambo-foundation:mambo:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6D2DE818-7FEA-48ED-BD22-A8760C1F297F",
"versionEndIncluding": "4.6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mambo-foundation:mambo:4.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "97BAB160-6BB4-4535-BA60-B25303793FBD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:brilaps:mostlyce:*:*:*:*:*:*:*:*",
"matchCriteriaId": "295DA818-1660-4534-A153-2F416C66D2D0",
"versionEndIncluding": "2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Image Manager in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to rename arbitrary files and cause a denial of service via modified file[NewFile][name], file[NewFile][tmp_name], and file[NewFile][size] parameters in a FileUpload command, which are used to modify equivalent variables in $_FILES that are accessed when the is_uploaded_file check fails."
},
{
"lang": "es",
"value": "El Image Manager en MOStlyCE anteriores a v2.4, como las usadas en Mambo v4.6.3 y anteriores, permite a atacantes remotos renombrar ficheros de su elecci\u00f3n y provocar una denegaci\u00f3n de servicio a trav\u00e9s de la modificaci\u00f3n de los par\u00e1metros file[NewFile][name], file[NewFile][tmp_name], y file[NewFile][size] en un comando FileUpload, que es usado para modificar las variables equivalentes en $_FILES que son accedidas cuando la comprobaci\u00f3n is_uploaded_file falla."
}
],
"id": "CVE-2008-7215",
"lastModified": "2024-11-21T00:58:33.757",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-09-11T16:30:00.547",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2008-02/0444.html"
},
{
"source": "cve@mitre.org",
"url": "http://forum.mambo-foundation.org/showthread.php?t=10158"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://osvdb.org/42532"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28670"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.bugreport.ir/index_33.htm"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/487128/100/200/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/27472"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/0325"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39986"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2008-02/0444.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://forum.mambo-foundation.org/showthread.php?t=10158"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://osvdb.org/42532"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28670"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.bugreport.ir/index_33.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/487128/100/200/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/27472"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/0325"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39986"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-09-11 16:30
Modified
2024-11-21 00:58
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in administrator/index2.php in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to hijack the authentication of administrators for requests that add new administrator accounts via the save task in a com_users action, as demonstrated using a separate XSS vulnerability in mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mambo-foundation | mambo | * | |
| mambo-foundation | mambo | 4.6.2 | |
| brilaps | mostlyce | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mambo-foundation:mambo:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6D2DE818-7FEA-48ED-BD22-A8760C1F297F",
"versionEndIncluding": "4.6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mambo-foundation:mambo:4.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "97BAB160-6BB4-4535-BA60-B25303793FBD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:brilaps:mostlyce:*:*:*:*:*:*:*:*",
"matchCriteriaId": "295DA818-1660-4534-A153-2F416C66D2D0",
"versionEndIncluding": "2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in administrator/index2.php in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to hijack the authentication of administrators for requests that add new administrator accounts via the save task in a com_users action, as demonstrated using a separate XSS vulnerability in mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php."
},
{
"lang": "es",
"value": "Vulnerabilidad de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en administrator/index2.php en MOStlyCE anterior a la v2.4, como la usada en Mambo v4.6.3, permite a atacantes remotos secuestrar la autenticaci\u00f3n de administradores para peticiones que a\u00f1aden nuevas cuentas de administradores a trav\u00e9s de una tarea guardada en una acci\u00f3n com_users, como se demostr\u00f3 usando una vulnerabilidad cross site scripting (XSS) separada en mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php."
}
],
"id": "CVE-2008-7214",
"lastModified": "2024-11-21T00:58:33.590",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-09-11T16:30:00.500",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2008-02/0444.html"
},
{
"source": "cve@mitre.org",
"url": "http://forum.mambo-foundation.org/showthread.php?t=10158"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://osvdb.org/42531"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28670"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.bugreport.ir/index_33.htm"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/487128/100/200/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/0325"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39985"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2008-02/0444.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://forum.mambo-foundation.org/showthread.php?t=10158"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://osvdb.org/42531"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28670"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.bugreport.ir/index_33.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/487128/100/200/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/0325"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39985"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2008-7214
Vulnerability from cvelistv5
Published
2009-09-11 16:00
Modified
2024-08-07 11:56
Severity ?
EPSS score ?
Summary
Cross-site request forgery (CSRF) vulnerability in administrator/index2.php in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to hijack the authentication of administrators for requests that add new administrator accounts via the save task in a com_users action, as demonstrated using a separate XSS vulnerability in mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2008/0325 | vdb-entry, x_refsource_VUPEN | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/39985 | vdb-entry, x_refsource_XF | |
| http://archives.neohapsis.com/archives/bugtraq/2008-02/0444.html | mailing-list, x_refsource_BUGTRAQ | |
| http://osvdb.org/42531 | vdb-entry, x_refsource_OSVDB | |
| http://secunia.com/advisories/28670 | third-party-advisory, x_refsource_SECUNIA | |
| http://forum.mambo-foundation.org/showthread.php?t=10158 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/archive/1/487128/100/200/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.bugreport.ir/index_33.htm | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:56:14.484Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2008-0325",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0325"
},
{
"name": "mambo-connector-csrf(39985)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39985"
},
{
"name": "20080227 Re: Mambo 4.6.3 Path Disclosure, XSS , XSRF, DOS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2008-02/0444.html"
},
{
"name": "42531",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/42531"
},
{
"name": "28670",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28670"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forum.mambo-foundation.org/showthread.php?t=10158"
},
{
"name": "20080128 Mambo 4.6.3 Path Disclosure, XSS , XSRF, DOS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/487128/100/200/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.bugreport.ir/index_33.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-01-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in administrator/index2.php in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to hijack the authentication of administrators for requests that add new administrator accounts via the save task in a com_users action, as demonstrated using a separate XSS vulnerability in mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2008-0325",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0325"
},
{
"name": "mambo-connector-csrf(39985)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39985"
},
{
"name": "20080227 Re: Mambo 4.6.3 Path Disclosure, XSS , XSRF, DOS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2008-02/0444.html"
},
{
"name": "42531",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/42531"
},
{
"name": "28670",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28670"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forum.mambo-foundation.org/showthread.php?t=10158"
},
{
"name": "20080128 Mambo 4.6.3 Path Disclosure, XSS , XSRF, DOS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/487128/100/200/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.bugreport.ir/index_33.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-7214",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in administrator/index2.php in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to hijack the authentication of administrators for requests that add new administrator accounts via the save task in a com_users action, as demonstrated using a separate XSS vulnerability in mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-0325",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0325"
},
{
"name": "mambo-connector-csrf(39985)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39985"
},
{
"name": "20080227 Re: Mambo 4.6.3 Path Disclosure, XSS , XSRF, DOS",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2008-02/0444.html"
},
{
"name": "42531",
"refsource": "OSVDB",
"url": "http://osvdb.org/42531"
},
{
"name": "28670",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28670"
},
{
"name": "http://forum.mambo-foundation.org/showthread.php?t=10158",
"refsource": "CONFIRM",
"url": "http://forum.mambo-foundation.org/showthread.php?t=10158"
},
{
"name": "20080128 Mambo 4.6.3 Path Disclosure, XSS , XSRF, DOS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/487128/100/200/threaded"
},
{
"name": "http://www.bugreport.ir/index_33.htm",
"refsource": "MISC",
"url": "http://www.bugreport.ir/index_33.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-7214",
"datePublished": "2009-09-11T16:00:00",
"dateReserved": "2009-09-11T00:00:00",
"dateUpdated": "2024-08-07T11:56:14.484Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-7212
Vulnerability from cvelistv5
Published
2009-09-11 16:00
Modified
2024-08-07 11:56
Severity ?
EPSS score ?
Summary
MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to obtain sensitive information via certain requests to mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php, which reveals the installation path in an error message.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2008/0325 | vdb-entry, x_refsource_VUPEN | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/39983 | vdb-entry, x_refsource_XF | |
| http://archives.neohapsis.com/archives/bugtraq/2008-02/0444.html | mailing-list, x_refsource_BUGTRAQ | |
| http://secunia.com/advisories/28670 | third-party-advisory, x_refsource_SECUNIA | |
| http://forum.mambo-foundation.org/showthread.php?t=10158 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/archive/1/487128/100/200/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.bugreport.ir/index_33.htm | x_refsource_MISC | |
| http://osvdb.org/42529 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:56:14.483Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2008-0325",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0325"
},
{
"name": "mambo-mostlyce-connector-path-disclosure(39983)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39983"
},
{
"name": "20080227 Re: Mambo 4.6.3 Path Disclosure, XSS , XSRF, DOS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2008-02/0444.html"
},
{
"name": "28670",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28670"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forum.mambo-foundation.org/showthread.php?t=10158"
},
{
"name": "20080128 Mambo 4.6.3 Path Disclosure, XSS , XSRF, DOS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/487128/100/200/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.bugreport.ir/index_33.htm"
},
{
"name": "42529",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/42529"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-01-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to obtain sensitive information via certain requests to mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php, which reveals the installation path in an error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2008-0325",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0325"
},
{
"name": "mambo-mostlyce-connector-path-disclosure(39983)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39983"
},
{
"name": "20080227 Re: Mambo 4.6.3 Path Disclosure, XSS , XSRF, DOS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2008-02/0444.html"
},
{
"name": "28670",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28670"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forum.mambo-foundation.org/showthread.php?t=10158"
},
{
"name": "20080128 Mambo 4.6.3 Path Disclosure, XSS , XSRF, DOS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/487128/100/200/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.bugreport.ir/index_33.htm"
},
{
"name": "42529",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/42529"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-7212",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to obtain sensitive information via certain requests to mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php, which reveals the installation path in an error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-0325",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0325"
},
{
"name": "mambo-mostlyce-connector-path-disclosure(39983)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39983"
},
{
"name": "20080227 Re: Mambo 4.6.3 Path Disclosure, XSS , XSRF, DOS",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2008-02/0444.html"
},
{
"name": "28670",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28670"
},
{
"name": "http://forum.mambo-foundation.org/showthread.php?t=10158",
"refsource": "CONFIRM",
"url": "http://forum.mambo-foundation.org/showthread.php?t=10158"
},
{
"name": "20080128 Mambo 4.6.3 Path Disclosure, XSS , XSRF, DOS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/487128/100/200/threaded"
},
{
"name": "http://www.bugreport.ir/index_33.htm",
"refsource": "MISC",
"url": "http://www.bugreport.ir/index_33.htm"
},
{
"name": "42529",
"refsource": "OSVDB",
"url": "http://osvdb.org/42529"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-7212",
"datePublished": "2009-09-11T16:00:00",
"dateReserved": "2009-09-11T00:00:00",
"dateUpdated": "2024-08-07T11:56:14.483Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-7215
Vulnerability from cvelistv5
Published
2009-09-11 16:00
Modified
2024-08-07 11:56
Severity ?
EPSS score ?
Summary
The Image Manager in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to rename arbitrary files and cause a denial of service via modified file[NewFile][name], file[NewFile][tmp_name], and file[NewFile][size] parameters in a FileUpload command, which are used to modify equivalent variables in $_FILES that are accessed when the is_uploaded_file check fails.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2008/0325 | vdb-entry, x_refsource_VUPEN | |
| http://archives.neohapsis.com/archives/bugtraq/2008-02/0444.html | mailing-list, x_refsource_BUGTRAQ | |
| http://osvdb.org/42532 | vdb-entry, x_refsource_OSVDB | |
| http://secunia.com/advisories/28670 | third-party-advisory, x_refsource_SECUNIA | |
| http://forum.mambo-foundation.org/showthread.php?t=10158 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/archive/1/487128/100/200/threaded | mailing-list, x_refsource_BUGTRAQ | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/39986 | vdb-entry, x_refsource_XF | |
| http://www.bugreport.ir/index_33.htm | x_refsource_MISC | |
| http://www.securityfocus.com/bid/27472 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:56:14.475Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2008-0325",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0325"
},
{
"name": "20080227 Re: Mambo 4.6.3 Path Disclosure, XSS , XSRF, DOS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2008-02/0444.html"
},
{
"name": "42532",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/42532"
},
{
"name": "28670",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28670"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forum.mambo-foundation.org/showthread.php?t=10158"
},
{
"name": "20080128 Mambo 4.6.3 Path Disclosure, XSS , XSRF, DOS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/487128/100/200/threaded"
},
{
"name": "mambo-connector-dos(39986)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39986"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.bugreport.ir/index_33.htm"
},
{
"name": "27472",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27472"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-01-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Image Manager in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to rename arbitrary files and cause a denial of service via modified file[NewFile][name], file[NewFile][tmp_name], and file[NewFile][size] parameters in a FileUpload command, which are used to modify equivalent variables in $_FILES that are accessed when the is_uploaded_file check fails."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2008-0325",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0325"
},
{
"name": "20080227 Re: Mambo 4.6.3 Path Disclosure, XSS , XSRF, DOS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2008-02/0444.html"
},
{
"name": "42532",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/42532"
},
{
"name": "28670",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28670"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forum.mambo-foundation.org/showthread.php?t=10158"
},
{
"name": "20080128 Mambo 4.6.3 Path Disclosure, XSS , XSRF, DOS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/487128/100/200/threaded"
},
{
"name": "mambo-connector-dos(39986)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39986"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.bugreport.ir/index_33.htm"
},
{
"name": "27472",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27472"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-7215",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Image Manager in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to rename arbitrary files and cause a denial of service via modified file[NewFile][name], file[NewFile][tmp_name], and file[NewFile][size] parameters in a FileUpload command, which are used to modify equivalent variables in $_FILES that are accessed when the is_uploaded_file check fails."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-0325",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0325"
},
{
"name": "20080227 Re: Mambo 4.6.3 Path Disclosure, XSS , XSRF, DOS",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2008-02/0444.html"
},
{
"name": "42532",
"refsource": "OSVDB",
"url": "http://osvdb.org/42532"
},
{
"name": "28670",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28670"
},
{
"name": "http://forum.mambo-foundation.org/showthread.php?t=10158",
"refsource": "CONFIRM",
"url": "http://forum.mambo-foundation.org/showthread.php?t=10158"
},
{
"name": "20080128 Mambo 4.6.3 Path Disclosure, XSS , XSRF, DOS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/487128/100/200/threaded"
},
{
"name": "mambo-connector-dos(39986)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39986"
},
{
"name": "http://www.bugreport.ir/index_33.htm",
"refsource": "MISC",
"url": "http://www.bugreport.ir/index_33.htm"
},
{
"name": "27472",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27472"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-7215",
"datePublished": "2009-09-11T16:00:00",
"dateReserved": "2009-09-11T00:00:00",
"dateUpdated": "2024-08-07T11:56:14.475Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-7213
Vulnerability from cvelistv5
Published
2009-09-11 16:00
Modified
2024-08-07 11:56
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to inject arbitrary web script or HTML via the Command parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://osvdb.org/42530 | vdb-entry, x_refsource_OSVDB | |
| http://www.vupen.com/english/advisories/2008/0325 | vdb-entry, x_refsource_VUPEN | |
| http://archives.neohapsis.com/archives/bugtraq/2008-02/0444.html | mailing-list, x_refsource_BUGTRAQ | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/39984 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/27470 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/28670 | third-party-advisory, x_refsource_SECUNIA | |
| http://forum.mambo-foundation.org/showthread.php?t=10158 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/archive/1/487128/100/200/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.bugreport.ir/index_33.htm | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:56:14.495Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "42530",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/42530"
},
{
"name": "ADV-2008-0325",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0325"
},
{
"name": "20080227 Re: Mambo 4.6.3 Path Disclosure, XSS , XSRF, DOS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2008-02/0444.html"
},
{
"name": "mambo-mostlyce-connector-xss(39984)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39984"
},
{
"name": "27470",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27470"
},
{
"name": "28670",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28670"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forum.mambo-foundation.org/showthread.php?t=10158"
},
{
"name": "20080128 Mambo 4.6.3 Path Disclosure, XSS , XSRF, DOS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/487128/100/200/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.bugreport.ir/index_33.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-01-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to inject arbitrary web script or HTML via the Command parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "42530",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/42530"
},
{
"name": "ADV-2008-0325",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0325"
},
{
"name": "20080227 Re: Mambo 4.6.3 Path Disclosure, XSS , XSRF, DOS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2008-02/0444.html"
},
{
"name": "mambo-mostlyce-connector-xss(39984)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39984"
},
{
"name": "27470",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27470"
},
{
"name": "28670",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28670"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forum.mambo-foundation.org/showthread.php?t=10158"
},
{
"name": "20080128 Mambo 4.6.3 Path Disclosure, XSS , XSRF, DOS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/487128/100/200/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.bugreport.ir/index_33.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-7213",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to inject arbitrary web script or HTML via the Command parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "42530",
"refsource": "OSVDB",
"url": "http://osvdb.org/42530"
},
{
"name": "ADV-2008-0325",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0325"
},
{
"name": "20080227 Re: Mambo 4.6.3 Path Disclosure, XSS , XSRF, DOS",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2008-02/0444.html"
},
{
"name": "mambo-mostlyce-connector-xss(39984)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39984"
},
{
"name": "27470",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27470"
},
{
"name": "28670",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28670"
},
{
"name": "http://forum.mambo-foundation.org/showthread.php?t=10158",
"refsource": "CONFIRM",
"url": "http://forum.mambo-foundation.org/showthread.php?t=10158"
},
{
"name": "20080128 Mambo 4.6.3 Path Disclosure, XSS , XSRF, DOS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/487128/100/200/threaded"
},
{
"name": "http://www.bugreport.ir/index_33.htm",
"refsource": "MISC",
"url": "http://www.bugreport.ir/index_33.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-7213",
"datePublished": "2009-09-11T16:00:00",
"dateReserved": "2009-09-11T00:00:00",
"dateUpdated": "2024-08-07T11:56:14.495Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}