Vulnerability Details : CVE-2008-2230
Untrusted search path vulnerability in (1) reportbug 3.8 and 3.31, and (2) reportbug-ng before 0.2008.06.04, allows local users to execute arbitrary code via a malicious module file in the current working directory.
Vulnerability category: Execute code
Exploit prediction scoring system (EPSS) score for CVE-2008-2230
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2008-2230
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|
|
4.6
|
MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P |
3.9
|
6.4
|
[email protected] |
CWE ids for CVE-2008-2230
-
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.Assigned by: [email protected] (Primary)
References for CVE-2008-2230
Products affected by CVE-2008-2230
- cpe:2.3:a:reportbug-ng:reportbug-ng:0.2007.03.17:*:*:*:*:*:*:*
- cpe:2.3:a:reportbug-ng:reportbug-ng:0.2007.03.19:*:*:*:*:*:*:*
- cpe:2.3:a:reportbug-ng:reportbug-ng:0.2007.04.07:*:*:*:*:*:*:*
- cpe:2.3:a:reportbug-ng:reportbug-ng:0.2007.04.07.2:*:*:*:*:*:*:*
- cpe:2.3:a:reportbug-ng:reportbug-ng:0.2007.05.28:*:*:*:*:*:*:*
- cpe:2.3:a:reportbug-ng:reportbug-ng:0.2007.05.31:*:*:*:*:*:*:*
- cpe:2.3:a:reportbug-ng:reportbug-ng:0.2007.08.02:*:*:*:*:*:*:*
- cpe:2.3:a:reportbug-ng:reportbug-ng:0.2007.08.03:*:*:*:*:*:*:*
- cpe:2.3:a:reportbug-ng:reportbug-ng:0.2008.03.28:*:*:*:*:*:*:*
- cpe:2.3:a:reportbug-ng:reportbug-ng:0.2007.03.11:*:*:*:*:*:*:*
- cpe:2.3:a:reportbug-ng:reportbug-ng:0.2007.03.13:*:*:*:*:*:*:*
- cpe:2.3:a:reportbug-ng:reportbug-ng:0.2007.03.24:*:*:*:*:*:*:*
- cpe:2.3:a:reportbug-ng:reportbug-ng:0.2007.03.27:*:*:*:*:*:*:*
- cpe:2.3:a:reportbug-ng:reportbug-ng:0.2007.04.23:*:*:*:*:*:*:*
- cpe:2.3:a:reportbug-ng:reportbug-ng:0.2007.03.10:*:*:*:*:*:*:*
- cpe:2.3:a:reportbug-ng:reportbug-ng:0.2007.03.19.2:*:*:*:*:*:*:*
- cpe:2.3:a:reportbug-ng:reportbug-ng:0.2007.03.20:*:*:*:*:*:*:*
- cpe:2.3:a:reportbug-ng:reportbug-ng:0.2007.04.13:*:*:*:*:*:*:*
- cpe:2.3:a:reportbug-ng:reportbug-ng:0.2007.04.16:*:*:*:*:*:*:*
- cpe:2.3:a:reportbug-ng:reportbug-ng:0.2007.04.20:*:*:*:*:*:*:*
- cpe:2.3:a:reportbug-ng:reportbug-ng:0.2007.06.13:*:*:*:*:*:*:*
- cpe:2.3:a:reportbug-ng:reportbug-ng:0.2007.06.27:*:*:*:*:*:*:*
- cpe:2.3:a:reportbug-ng:reportbug-ng:0.2007.08.03.2:*:*:*:*:*:*:*
- cpe:2.3:a:reportbug-ng:reportbug-ng:0.2007.08.12:*:*:*:*:*:*:*
- cpe:2.3:a:reportbug-ng:reportbug-ng:0.2007.04.27:*:*:*:*:*:*:*
- cpe:2.3:a:reportbug-ng:reportbug-ng:0.2007.07.08:*:*:*:*:*:*:*
- cpe:2.3:a:reportbug-ng:reportbug-ng:0.2007.07.12:*:*:*:*:*:*:*
- cpe:2.3:a:reportbug-ng:reportbug-ng:0.2007.08.20:*:*:*:*:*:*:*
- cpe:2.3:a:reportbug-ng:reportbug-ng:0.2007.10.30:*:*:*:*:*:*:*
- cpe:2.3:a:reportbug-ng:reportbug-ng:0.2007.03.14:*:*:*:*:*:*:*
- cpe:2.3:a:reportbug-ng:reportbug-ng:0.2007.03.15:*:*:*:*:*:*:*
- cpe:2.3:a:reportbug-ng:reportbug-ng:0.2007.03.28:*:*:*:*:*:*:*
- cpe:2.3:a:reportbug-ng:reportbug-ng:0.2007.03.29:*:*:*:*:*:*:*
- cpe:2.3:a:reportbug-ng:reportbug-ng:0.2007.05.02:*:*:*:*:*:*:*
- cpe:2.3:a:reportbug-ng:reportbug-ng:0.2007.05.27:*:*:*:*:*:*:*
- cpe:2.3:a:reportbug-ng:reportbug-ng:0.2007.07.18:*:*:*:*:*:*:*
- cpe:2.3:a:reportbug-ng:reportbug-ng:0.2007.07.19:*:*:*:*:*:*:*
- cpe:2.3:a:reportbug-ng:reportbug-ng:0.2008.01.20:*:*:*:*:*:*:*
- cpe:2.3:a:reportbug-ng:reportbug-ng:0.2008.03.26:*:*:*:*:*:*:*
- cpe:2.3:a:reportbug-ng:reportbug:3.31:*:*:*:*:*:*:*
- cpe:2.3:a:reportbug-ng:reportbug:3.8:*:*:*:*:*:*:*