CVE-2008-4319 (GCVE-0-2008-4319)
Vulnerability from cvelistv5 – Published: 2008-09-29 18:00 – Updated: 2024-08-07 10:08
Summary
fileadmin.php in Libra File Manager (aka Libra PHP File Manager) 1.18 and earlier allows remote attackers to bypass authentication, and read arbitrary files, modify arbitrary files, and list arbitrary directories, by inserting certain user and isadmin parameters in the query string.
Severity ?
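No CVSS data available in the CVE record itself. The NVD data embedded in the record below scores this issue CVSS v2 6.4 (MEDIUM), vector AV:N/AC:L/Au:N/C:P/I:P/A:N.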
CWE
- n/a in the CVE record; the NVD data embedded below assigns CWE-287.
Assigner
References
Date Public ?
2008-09-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:08:35.150Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "6567",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/6567"
},
{
"name": "31415",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31415"
},
{
"name": "20080925 Fwd: Returned post for bugtraq@securityfocus.com",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/496742"
},
{
"name": "librafilemanager-fileadmin-security-bypass(45423)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45423"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-09-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "fileadmin.php in Libra File Manager (aka Libra PHP File Manager) 1.18 and earlier allows remote attackers to bypass authentication, and read arbitrary files, modify arbitrary files, and list arbitrary directories, by inserting certain user and isadmin parameters in the query string."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "6567",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/6567"
},
{
"name": "31415",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31415"
},
{
"name": "20080925 Fwd: Returned post for bugtraq@securityfocus.com",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/496742"
},
{
"name": "librafilemanager-fileadmin-security-bypass(45423)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45423"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4319",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "fileadmin.php in Libra File Manager (aka Libra PHP File Manager) 1.18 and earlier allows remote attackers to bypass authentication, and read arbitrary files, modify arbitrary files, and list arbitrary directories, by inserting certain user and isadmin parameters in the query string."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "6567",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6567"
},
{
"name": "31415",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31415"
},
{
"name": "20080925 Fwd: Returned post for bugtraq@securityfocus.com",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/496742"
},
{
"name": "librafilemanager-fileadmin-security-bypass(45423)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45423"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4319",
"datePublished": "2008-09-29T18:00:00.000Z",
"dateReserved": "2008-09-29T00:00:00.000Z",
"dateUpdated": "2024-08-07T10:08:35.150Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2008-4319",
"date": "2026-04-20",
"epss": "0.03367",
"percentile": "0.87377"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libra_file_manager:php_filemanager:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.18\", \"matchCriteriaId\": \"93AF7428-B3B2-4962-A3EC-7417FCF22B60\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libra_file_manager:php_filemanager:1.00:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9C83A5C9-A836-4B7F-A0E0-4C354525A08A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libra_file_manager:php_filemanager:1.03:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BB9543DA-0F76-4438-BE61-51D42412A813\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libra_file_manager:php_filemanager:1.05:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8A152A89-1E0A-47A3-AABD-C5FBC4869EDD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libra_file_manager:php_filemanager:1.08:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6D225985-9697-4704-AA54-1A9B9D7B8988\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libra_file_manager:php_filemanager:1.17:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4DFE7EF9-9374-4DF3-9851-E830D424A7AF\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"fileadmin.php in Libra File Manager (aka Libra PHP File Manager) 1.18 and earlier allows remote attackers to bypass authentication, and read arbitrary files, modify arbitrary files, and list arbitrary directories, by inserting certain user and isadmin parameters in the query string.\"}, {\"lang\": \"es\", \"value\": \"El m\\u00f3dulo fileadmin.php en Libra File Manager (tambi\\u00e9n conocido como Libra PHP File Manager) v1.18 y anteriores permite a atacantes remotos evitar la autenticaci\\u00f3n, leer ficheros arbitrarios, modificar ficheros arbitrarios y listar el contenido de directorios arbitrarios, al insertar ciertos par\\u00e1metros \\\"user\\\" e \\\"isadmin\\\" en la cadena de consulta.\"}]",
"id": "CVE-2008-4319",
"lastModified": "2024-11-21T00:51:22.720",
"metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:N\", \"baseScore\": 6.4, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 4.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2008-09-29T19:25:35.760",
"references": "[{\"url\": \"http://www.securityfocus.com/archive/1/496742\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.securityfocus.com/bid/31415\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/45423\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://www.exploit-db.com/exploits/6567\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/496742\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.securityfocus.com/bid/31415\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/45423\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.exploit-db.com/exploits/6567\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-287\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2008-4319\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2008-09-29T19:25:35.760\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"fileadmin.php in Libra File Manager (aka Libra PHP File Manager) 1.18 and earlier allows remote attackers to bypass authentication, and read arbitrary files, modify arbitrary files, and list arbitrary directories, by inserting certain user and isadmin parameters in the query string.\"},{\"lang\":\"es\",\"value\":\"El m\u00f3dulo fileadmin.php en Libra File Manager (tambi\u00e9n conocido como Libra PHP File Manager) v1.18 y anteriores permite a atacantes remotos evitar la autenticaci\u00f3n, leer ficheros arbitrarios, modificar ficheros arbitrarios y listar el contenido de directorios arbitrarios, al insertar ciertos par\u00e1metros \\\"user\\\" e \\\"isadmin\\\" en la cadena de consulta.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:N\",\"baseScore\":6.4,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libra_file_manager:php_filemanager:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.18\",\"matchCriteriaId\":\"93AF7428-B3B2-4962-A3EC-7417FCF22B60\"},{\"vulnerable\":true,\"criteria\":\"cpe:
2.3:a:libra_file_manager:php_filemanager:1.00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C83A5C9-A836-4B7F-A0E0-4C354525A08A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libra_file_manager:php_filemanager:1.03:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB9543DA-0F76-4438-BE61-51D42412A813\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libra_file_manager:php_filemanager:1.05:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A152A89-1E0A-47A3-AABD-C5FBC4869EDD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libra_file_manager:php_filemanager:1.08:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D225985-9697-4704-AA54-1A9B9D7B8988\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libra_file_manager:php_filemanager:1.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4DFE7EF9-9374-4DF3-9851-E830D424A7AF\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/archive/1/496742\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.securityfocus.com/bid/31415\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/45423\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.exploit-db.com/exploits/6567\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/496742\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.securityfocus.com/bid/31415\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/45423\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.exploit-db.com/exploits/6567\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.