CVE-2008-0473 - Vulnerability Details - OpenCVE

RTE_popup_save_file.asp in Web Wiz Rich Text Editor 4.0 allows remote attackers to upload (1) .html and (2) .htm files via unspecified vectors.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Web Wiz	Rich Text Editor

Configuration 1 [-]

cpe:2.3:a:web_wiz:rich_text_editor:4.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://securityreason.com/securityalert/3584
http://www.bugreport.ir/?/31
http://www.securityfocus.com/archive/1/486868/100/0/threaded
http://www.securityfocus.com/bid/27419
http://www.securityfocus.com/bid/27420
http://www.securitytracker.com/id?1019267
https://www.exploit-db.com/exploits/4971

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-01-29T19:00:00

Updated: 2024-08-07T07:46:54.815Z

Reserved: 2008-01-29T00:00:00

Link: CVE-2008-0473

Vulnrichment

No data.

NVD

Status : Modified

Published: 2008-01-29T20:00:00.000

Modified: 2024-11-21T00:42:11.293

Link: CVE-2008-0473

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-01-23T00:00:00", "descriptions": [{"lang": "en", "value": "RTE_popup_save_file.asp in Web Wiz Rich Text Editor 4.0 allows remote attackers to upload (1) .html and (2) .htm files via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20080123 Web Wiz Rich Text Editor Directory traversal + HTM/HTML filecreation on the server", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/486868/100/0/threaded"}, {"name": "4971", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/4971"}, {"name": "27419", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/27419"}, {"name": "3584", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/3584"}, {"tags": ["x_refsource_MISC"], "url": "http://www.bugreport.ir/?/31"}, {"name": "27420", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/27420"}, {"name": "1019267", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1019267"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-0473", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "RTE_popup_save_file.asp in Web Wiz Rich Text Editor 4.0 allows remote attackers to upload (1) .html and (2) .htm files via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20080123 Web Wiz Rich Text Editor Directory traversal + HTM/HTML filecreation on the server", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/486868/100/0/threaded"}, {"name": "4971", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/4971"}, {"name": "27419", "refsource": "BID", "url": "http://www.securityfocus.com/bid/27419"}, {"name": "3584", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3584"}, {"name": "http://www.bugreport.ir/?/31", "refsource": "MISC", "url": "http://www.bugreport.ir/?/31"}, {"name": "27420", "refsource": "BID", "url": "http://www.securityfocus.com/bid/27420"}, {"name": "1019267", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1019267"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T07:46:54.815Z"}, "title": "CVE Program Container", "references": [{"name": "20080123 Web Wiz Rich Text Editor Directory traversal + HTM/HTML filecreation on the server", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/486868/100/0/threaded"}, {"name": "4971", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/4971"}, {"name": "27419", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/27419"}, {"name": "3584", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/3584"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.bugreport.ir/?/31"}, {"name": "27420", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/27420"}, {"name": "1019267", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1019267"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-0473", "datePublished": "2008-01-29T19:00:00", "dateReserved": "2008-01-29T00:00:00", "dateUpdated": "2024-08-07T07:46:54.815Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:web_wiz:rich_text_editor:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "D094614F-5DB7-4C3B-97C1-3110A433BED4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "RTE_popup_save_file.asp in Web Wiz Rich Text Editor 4.0 allows remote attackers to upload (1) .html and (2) .htm files via unspecified vectors."}, {"lang": "es", "value": "RTE_popup_save_file.asp en Web Wiz Rich Text Editor 4.0 permite a atacantes remotos actualizar archivos (1) .html y (2) .htm a trav\u00e9s de vectores no especificados."}], "id": "CVE-2008-0473", "lastModified": "2024-11-21T00:42:11.293", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-01-29T20:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/3584"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.bugreport.ir/?/31"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/486868/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/27419"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/27420"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1019267"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/4971"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/3584"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.bugreport.ir/?/31"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/486868/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/27419"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/27420"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1019267"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/4971"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}