{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-11-03T00:00:00", "descriptions": [{"lang": "en", "value": "The set_language_path function in geshi.php in Generic Syntax Highlighter (GeSHi) before 1.0.8.1 might allow remote attackers to conduct file inclusion attacks via crafted inputs that influence the default language path ($path variable). NOTE: this issue has been disputed by a vendor, stating that only a static value is used, so this is not a vulnerability in GeSHi. Separate CVE identifiers would be created for web applications that integrate GeSHi in a way that allows control of the default language path"}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "geshi-unspecified-code-execution(46271)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46271"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://sourceforge.net/project/shownotes.php?release_id=637321"}, {"name": "32559", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/32559"}, {"name": "32070", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/32070"}, {"name": "[oss-security] 20081110 GeSHi: Clarification about the recent security (non-)issues (SA32559)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2008/11/10/8"}, {"name": "49488", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/49488"}], "tags": ["disputed"], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-5186", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "** DISPUTED ** The set_language_path function in geshi.php in Generic Syntax Highlighter (GeSHi) before 1.0.8.1 might allow remote attackers to conduct file inclusion attacks via crafted inputs that influence the default language path ($path variable). NOTE: this issue has been disputed by a vendor, stating that only a static value is used, so this is not a vulnerability in GeSHi. Separate CVE identifiers would be created for web applications that integrate GeSHi in a way that allows control of the default language path."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "geshi-unspecified-code-execution(46271)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46271"}, {"name": "http://sourceforge.net/project/shownotes.php?release_id=637321", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?release_id=637321"}, {"name": "32559", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32559"}, {"name": "32070", "refsource": "BID", "url": "http://www.securityfocus.com/bid/32070"}, {"name": "[oss-security] 20081110 GeSHi: Clarification about the recent security (non-)issues (SA32559)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2008/11/10/8"}, {"name": "49488", "refsource": "OSVDB", "url": "http://osvdb.org/49488"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T10:40:17.350Z"}, "title": "CVE Program Container", "references": [{"name": "geshi-unspecified-code-execution(46271)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46271"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://sourceforge.net/project/shownotes.php?release_id=637321"}, {"name": "32559", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/32559"}, {"name": "32070", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/32070"}, {"name": "[oss-security] 20081110 GeSHi: Clarification about the recent security (non-)issues (SA32559)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2008/11/10/8"}, {"name": "49488", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/49488"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-5186", "datePublished": "2008-11-21T02:00:00", "dateReserved": "2008-11-20T00:00:00", "dateUpdated": "2024-08-07T10:40:17.350Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:geshi:geshi:*:*:*:*:*:*:*:*", "matchCriteriaId": "1142B5BC-0D42-47ED-B929-F4BAB5553D23", "versionEndIncluding": "1.0.8", "vulnerable": true}, {"criteria": "cpe:2.3:a:geshi:geshi:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "7EF8085F-C8FA-4B7D-BE6B-46BD37599235", "vulnerable": true}, {"criteria": "cpe:2.3:a:geshi:geshi:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3E8640CA-5302-491A-91E7-0D559966F153", "vulnerable": true}, {"criteria": "cpe:2.3:a:geshi:geshi:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "2C7035B2-576E-4DB8-8F43-785FCE8D3077", "vulnerable": true}, {"criteria": "cpe:2.3:a:geshi:geshi:1.0.2_beta_1:*:*:*:*:*:*:*", "matchCriteriaId": "63A062D8-2DE6-44F4-9CCF-BE2996F8A2DA", "vulnerable": true}, {"criteria": "cpe:2.3:a:geshi:geshi:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "BACADB05-ABC5-4565-93C8-9545B16FC900", "vulnerable": true}, {"criteria": "cpe:2.3:a:geshi:geshi:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "6243E133-0612-4FF1-81D1-758F5B55AEE5", "vulnerable": true}, {"criteria": "cpe:2.3:a:geshi:geshi:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "3A87C84D-044C-45E4-8FE9-EB6169CE8D93", "vulnerable": true}, {"criteria": "cpe:2.3:a:geshi:geshi:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "5E021E26-9C91-4644-8FFC-95F240E27F06", "vulnerable": true}, {"criteria": "cpe:2.3:a:geshi:geshi:1.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "89D678F7-99E0-448A-89A6-EFFBB3B4060E", "vulnerable": true}, {"criteria": "cpe:2.3:a:geshi:geshi:1.0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "BF5342B1-7CC5-4A5B-B7A2-260E5B6983ED", "vulnerable": true}, {"criteria": "cpe:2.3:a:geshi:geshi:1.0.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "C72BCBFB-A9F1-43F0-9AFA-1C26D152ECED", "vulnerable": true}, {"criteria": "cpe:2.3:a:geshi:geshi:1.0.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "755F9D37-D32E-4B2F-9BA3-0853A554C6A5", "vulnerable": true}, {"criteria": "cpe:2.3:a:geshi:geshi:1.0.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "DAB3F2AE-6353-4DE6-80FC-C83663975CC7", "vulnerable": true}, {"criteria": "cpe:2.3:a:geshi:geshi:1.0.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "5A4393E5-14CC-4973-8D00-F2D22DDD6293", "vulnerable": true}, {"criteria": "cpe:2.3:a:geshi:geshi:1.0.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "9A9A6873-3024-40FE-BD9E-D5D225C0A5A5", "vulnerable": true}, {"criteria": "cpe:2.3:a:geshi:geshi:1.0.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "5E30A75B-5B35-4E92-95A2-E055810993F2", "vulnerable": true}, {"criteria": "cpe:2.3:a:geshi:geshi:1.0.7.8:*:*:*:*:*:*:*", "matchCriteriaId": "10EA5DE1-21D3-4CCC-BC3A-1165A69E0223", "vulnerable": true}, {"criteria": "cpe:2.3:a:geshi:geshi:1.0.7.9:*:*:*:*:*:*:*", "matchCriteriaId": "98105060-6780-4835-8092-B49130922690", "vulnerable": true}, {"criteria": "cpe:2.3:a:geshi:geshi:1.0.7.10:*:*:*:*:*:*:*", "matchCriteriaId": "3781AE2D-B315-452B-975A-5DA1B5A435C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:geshi:geshi:1.0.7.11:*:*:*:*:*:*:*", "matchCriteriaId": "DBC96172-DB75-4F16-A615-A52F6EAB9250", "vulnerable": true}, {"criteria": "cpe:2.3:a:geshi:geshi:1.0.7.12:*:*:*:*:*:*:*", "matchCriteriaId": "EDECF138-3450-4DA4-8FD9-FAB6D6FE3326", "vulnerable": true}, {"criteria": "cpe:2.3:a:geshi:geshi:1.0.7.13:*:*:*:*:*:*:*", "matchCriteriaId": "62615324-C582-4008-A22E-E8203A3F4EE2", "vulnerable": true}, {"criteria": "cpe:2.3:a:geshi:geshi:1.0.7.14:*:*:*:*:*:*:*", "matchCriteriaId": "0E1ABA58-8C64-427C-9900-782272A62A7A", "vulnerable": true}, {"criteria": "cpe:2.3:a:geshi:geshi:1.0.7.15:*:*:*:*:*:*:*", "matchCriteriaId": "83C1A6A8-DD79-4BA1-A5AA-46EE4E5BCEE6", "vulnerable": true}, {"criteria": "cpe:2.3:a:geshi:geshi:1.0.7.16:*:*:*:*:*:*:*", "matchCriteriaId": "CD8F406E-9BE5-4358-B290-A6823FD40380", "vulnerable": true}, {"criteria": "cpe:2.3:a:geshi:geshi:1.0.7.17:*:*:*:*:*:*:*", "matchCriteriaId": "D8A551B1-F0A1-4873-B6D4-197777F77A53", "vulnerable": true}, {"criteria": "cpe:2.3:a:geshi:geshi:1.0.7.18:*:*:*:*:*:*:*", "matchCriteriaId": "AF3FD20D-00EF-4CBA-AC90-8EE73270D982", "vulnerable": true}, {"criteria": "cpe:2.3:a:geshi:geshi:1.0.7.19:*:*:*:*:*:*:*", "matchCriteriaId": "08FD2BC4-D823-4C45-8625-D39CF2D4974C", "vulnerable": true}, {"criteria": "cpe:2.3:a:geshi:geshi:1.0.7.20:*:*:*:*:*:*:*", "matchCriteriaId": "AF84D9E6-9044-49BC-BF3E-8F23FECAF76E", "vulnerable": true}, {"criteria": "cpe:2.3:a:geshi:geshi:1.0.7.21:*:*:*:*:*:*:*", "matchCriteriaId": "2024ABFC-402B-4BAA-8EB0-2B83BFCDF8DA", "vulnerable": true}, {"criteria": "cpe:2.3:a:geshi:geshi:1.0.7.22:*:*:*:*:*:*:*", "matchCriteriaId": "3DC283CF-AA72-493B-8905-2B843C80AE74", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [{"sourceIdentifier": "cve@mitre.org", "tags": ["disputed"]}], "descriptions": [{"lang": "en", "value": "The set_language_path function in geshi.php in Generic Syntax Highlighter (GeSHi) before 1.0.8.1 might allow remote attackers to conduct file inclusion attacks via crafted inputs that influence the default language path ($path variable). NOTE: this issue has been disputed by a vendor, stating that only a static value is used, so this is not a vulnerability in GeSHi. Separate CVE identifiers would be created for web applications that integrate GeSHi in a way that allows control of the default language path"}, {"lang": "es", "value": "** CUESTIONADA ** La funcion set_language_path en geshi.php en Generic Syntax Highlighter (GeSHi) antes de v1.0.8.1 podria permitir a atacantes remotos producir un ataque de conduccion de inclusion de fichero a traves de entradas manipuladas que influirian en la ruta de idioma por defecto ($path variable). NOTA: El vendedor a cuestionado esta vulnerabilidad, argumentando que solo es utilizado un valor estatico y que por lo tanto no es una vulnerabilidad en GeSHi. Identificadores CVE diferentes fueron creados para las aplicaciones web que integran GeSHi de tal modo que permiten el control de la ruta por defecto del idioma."}], "id": "CVE-2008-5186", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-11-21T02:30:00.517", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/49488"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/32559"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://sourceforge.net/project/shownotes.php?release_id=637321"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2008/11/10/8"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/32070"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46271"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/49488"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/32559"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://sourceforge.net/project/shownotes.php?release_id=637321"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2008/11/10/8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/32070"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46271"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}