CVE-2002-0998 - Directory traversal vulnerability in cafenews.php for CARE 2002 before beta 1.0.02 allows remote att

CVE-2002-0998

Summary

Directory traversal vulnerability in cafenews.php for CARE 2002 before beta 1.0.02 allows remote attackers to read arbitrary files via .. (dot dot) sequences and null characters in the lang parameter, which is processed by a call to the include function.

References

Vulnerable Configurations

cpe:2.3:a:care_2002:care_2002:1.0.01:*:*:*:*:*:*:*
cpe:2.3:a:care_2002:care_2002:1.0.01:*:*:*:*:*:*:*
cpe:2.3:a:care_2002:care_2002:1.0:*:*:*:*:*:*:*
cpe:2.3:a:care_2002:care_2002:1.0:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 14-02-2024 - 01:17)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:N/A:N

refmap via4

bid	5218
bugtraq	20020712 Several problems in CARE 2002
confirm	http://www.care2x.com/modul.php?thispage=headlines&m_titel=NEWS&m_item=Headlines&lang=en
xf	care2002-include-read-files(9552)

Last major update

14-02-2024 - 01:17

Published

04-10-2002 - 04:00

Last modified

14-02-2024 - 01:17