CVE Vulnerabilities

CVE-2008-4319

Improper Authentication

Published: Sep 29, 2008 | Modified: Sep 29, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
6.4 MEDIUM
AV:N/AC:L/Au:N/C:P/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

fileadmin.php in Libra File Manager (aka Libra PHP File Manager) 1.18 and earlier allows remote attackers to bypass authentication, and read arbitrary files, modify arbitrary files, and list arbitrary directories, by inserting certain user and isadmin parameters in the query string.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name Vendor Start Version End Version
Php_filemanager Libra_file_manager 1.17 1.17
Php_filemanager Libra_file_manager 1.03 1.03
Php_filemanager Libra_file_manager 1.08 1.08
Php_filemanager Libra_file_manager 1.05 1.05
Php_filemanager Libra_file_manager 1.00 1.00
Php_filemanager Libra_file_manager * 1.18

Potential Mitigations

References