CVE-2008-3564

CVSS 7.5 - HIGH

Description

Multiple directory traversal vulnerabilities in index.php in Dayfox Blog 4 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) p, (2) cat, and (3) archive parameters. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.

Affected Products

1

Vendor	Product	Version
dayfox_designs	dayfox_blog	`4`

References

http://securityreason.com/securityalert/4122

http://www.securityfocus.com/bid/30538

https://exchange.xforce.ibmcloud.com/vulnerabiliti...

https://www.exploit-db.com/exploits/6203

http://securityreason.com/securityalert/4122

http://www.securityfocus.com/bid/30538

https://exchange.xforce.ibmcloud.com/vulnerabiliti...

https://www.exploit-db.com/exploits/6203

Weakness Types

CWE-22

CVE Information

CVE ID:: CVE-2008-3564
Published:: 2008-08-10
Modified:: 2026-04-23
CVSS Score:: 7.5
Severity:: HIGH
Vector:: AV:N/AC:L/Au:N/C:P/I:P/A:P

Affected Vendors

dayfox_designs

Quick Actions

View on NVD Find Similar CVEs

CVSS Severity Scale

0.0 - 3.9 LOW

4.0 - 6.9 MEDIUM

7.0 - 8.9 HIGH

9.0 - 10.0 CRITICAL