CVE-2008-4913

Published: Nov 4, 2008Modified: Apr 23, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

Directory traversal vulnerability in admin.php in LokiCMS 0.3.3 and earlier allows remote attackers to delete arbitrary files via a .. (dot dot) in the delete parameter.

Affected (8)

Products: Lokicms: Lokicms

1 product

Configuration A

8 vulnerable

Vulnerable Software	Affected Versions
Lokicms Lokicms	Up to 0.3.3
Lokicms Lokicms	Version 0.1.0
Lokicms Lokicms	Version 0.1.0rc1
Lokicms Lokicms	Version 0.2.0
Lokicms Lokicms	Version 0.3.0
Lokicms Lokicms	Version 0.3.1b1
Lokicms Lokicms	Version 0.3.1b2
Lokicms Lokicms	Version 0.3.2b1

Related CWEs

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References (10)

http://lokicms.com/

Source: cve@mitre.org

http://securityreason.com/securityalert/4554

Source: cve@mitre.org

http://www.securityfocus.com/bid/28985

Source: cve@mitre.org

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/42247

Source: cve@mitre.org

https://www.exploit-db.com/exploits/5522

Source: cve@mitre.org

http://lokicms.com/

Source: af854a3a-2127-422b-91ae-364da2661108

http://securityreason.com/securityalert/4554

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/28985

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/42247

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.exploit-db.com/exploits/5522

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.