Vulnerability Details : CVE-2008-0666

Website META Language (WML) 2.0.11 allows local users to overwrite arbitrary files via a symlink attack on (1) the /tmp/pe.tmp.$$ temporary file used by wml_contrib/wmg.cgi and (2) temporary files used by wml_backend/p3_eperl/eperl_sys.c.

Published 2008-02-11 21:00:00

Updated 2008-09-05 21:35:40

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2008-0666

Probability of exploitation activity in the next 30 days: 0.04%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2008-0666

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
3.6	LOW	AV:L/AC:L/Au:N/C:N/I:P/A:P	3.9	4.9	nvd@nist.gov
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2008-0666

CWE-59 Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2008-0666

Products affected by CVE-2008-0666

Website Meta Language » Website Meta Language » Version: 2.0.11
cpe:2.3:a:website_meta_language:website_meta_language:2.0.11:*:*:*:*:*:*:*
Matching versions