CVE-2008-2898

CVSS 9.3 - HIGH

Description

Directory traversal vulnerability in includes/header.php in Hedgehog-CMS 1.21 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the c_temp_path parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.

Affected Products

1

Vendor	Product	Version
hedgehog-cms	hedgehog-cms	`1.21`

References

http://osvdb.org/46480

http://secunia.com/advisories/30778

https://exchange.xforce.ibmcloud.com/vulnerabiliti...

https://www.exploit-db.com/exploits/5904

http://osvdb.org/46480

http://secunia.com/advisories/30778

https://exchange.xforce.ibmcloud.com/vulnerabiliti...

https://www.exploit-db.com/exploits/5904

Weakness Types

CWE-22

CVE Information

CVE ID:: CVE-2008-2898
Published:: 2008-06-27
Modified:: 2026-04-23
CVSS Score:: 9.3
Severity:: HIGH
Vector:: AV:N/AC:M/Au:N/C:C/I:C/A:C

Affected Vendors

hedgehog-cms

Quick Actions

View on NVD Find Similar CVEs

CVSS Severity Scale

0.0 - 3.9 LOW

4.0 - 6.9 MEDIUM

7.0 - 8.9 HIGH

9.0 - 10.0 CRITICAL