CVE-2008-5186 (GCVE-0-2008-5186)
Vulnerability from cvelistv5 – Published: 2008-11-21 02:00 – Updated: 2024-08-07 10:40 Disputed
VLAI?
Summary
The set_language_path function in geshi.php in Generic Syntax Highlighter (GeSHi) before 1.0.8.1 might allow remote attackers to conduct file inclusion attacks via crafted inputs that influence the default language path ($path variable). NOTE: this issue has been disputed by a vendor, stating that only a static value is used, so this is not a vulnerability in GeSHi. Separate CVE identifiers would be created for web applications that integrate GeSHi in a way that allows control of the default language path
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Date Public ?
2008-11-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:40:17.350Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "geshi-unspecified-code-execution(46271)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46271"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=637321"
},
{
"name": "32559",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32559"
},
{
"name": "32070",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32070"
},
{
"name": "[oss-security] 20081110 GeSHi: Clarification about the recent security (non-)issues (SA32559)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/11/10/8"
},
{
"name": "49488",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/49488"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-11-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The set_language_path function in geshi.php in Generic Syntax Highlighter (GeSHi) before 1.0.8.1 might allow remote attackers to conduct file inclusion attacks via crafted inputs that influence the default language path ($path variable). NOTE: this issue has been disputed by a vendor, stating that only a static value is used, so this is not a vulnerability in GeSHi. Separate CVE identifiers would be created for web applications that integrate GeSHi in a way that allows control of the default language path"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "geshi-unspecified-code-execution(46271)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46271"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=637321"
},
{
"name": "32559",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32559"
},
{
"name": "32070",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32070"
},
{
"name": "[oss-security] 20081110 GeSHi: Clarification about the recent security (non-)issues (SA32559)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/11/10/8"
},
{
"name": "49488",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/49488"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5186",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** The set_language_path function in geshi.php in Generic Syntax Highlighter (GeSHi) before 1.0.8.1 might allow remote attackers to conduct file inclusion attacks via crafted inputs that influence the default language path ($path variable). NOTE: this issue has been disputed by a vendor, stating that only a static value is used, so this is not a vulnerability in GeSHi. Separate CVE identifiers would be created for web applications that integrate GeSHi in a way that allows control of the default language path."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "geshi-unspecified-code-execution(46271)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46271"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=637321",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=637321"
},
{
"name": "32559",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32559"
},
{
"name": "32070",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32070"
},
{
"name": "[oss-security] 20081110 GeSHi: Clarification about the recent security (non-)issues (SA32559)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/11/10/8"
},
{
"name": "49488",
"refsource": "OSVDB",
"url": "http://osvdb.org/49488"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5186",
"datePublished": "2008-11-21T02:00:00.000Z",
"dateReserved": "2008-11-20T00:00:00.000Z",
"dateUpdated": "2024-08-07T10:40:17.350Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2008-5186",
"date": "2026-05-01",
"epss": "0.0093",
"percentile": "0.76194"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2008-5186\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2008-11-21T02:30:00.517\",\"lastModified\":\"2026-04-23T00:35:47.467\",\"vulnStatus\":\"Modified\",\"cveTags\":[{\"sourceIdentifier\":\"cve@mitre.org\",\"tags\":[\"disputed\"]}],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The set_language_path function in geshi.php in Generic Syntax Highlighter (GeSHi) before 1.0.8.1 might allow remote attackers to conduct file inclusion attacks via crafted inputs that influence the default language path ($path variable). NOTE: this issue has been disputed by a vendor, stating that only a static value is used, so this is not a vulnerability in GeSHi. Separate CVE identifiers would be created for web applications that integrate GeSHi in a way that allows control of the default language path\"},{\"lang\":\"es\",\"value\":\"** CUESTIONADA ** La funcion set_language_path en geshi.php en Generic Syntax Highlighter (GeSHi) antes de v1.0.8.1 podria permitir a atacantes remotos producir un ataque de conduccion de inclusion de fichero a traves de entradas manipuladas que influirian en la ruta de idioma por defecto ($path variable). NOTA: El vendedor a cuestionado esta vulnerabilidad, argumentando que solo es utilizado un valor estatico y que por lo tanto no es una vulnerabilidad en GeSHi. Identificadores CVE diferentes fueron creados para las aplicaciones web que integran GeSHi de tal modo que permiten el control de la ruta por defecto del idioma.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:geshi:geshi:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.0.8\",\"matchCriteriaId\":\"1142B5BC-0D42-47ED-B929-F4BAB5553D23\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:geshi:geshi:1.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7EF8085F-C8FA-4B7D-BE6B-46BD37599235\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:geshi:geshi:1.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3E8640CA-5302-491A-91E7-0D559966F153\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:geshi:geshi:1.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2C7035B2-576E-4DB8-8F43-785FCE8D3077\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:geshi:geshi:1.0.2_beta_1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"63A062D8-2DE6-44F4-9CCF-BE2996F8A2DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:geshi:geshi:1.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BACADB05-ABC5-4565-93C8-9545B16FC900\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:geshi:geshi:1.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6243E133-0612-4FF1-81D1-758F5B55AEE5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:geshi:geshi:1.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3A87C84D-044C-45E4-8FE9-EB6169CE8D93\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:geshi:geshi:1.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5E021E26-9C91-4644-8FFC-95F240E27F06\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:geshi:geshi:1.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"89D678F7-99E0-448A-89A6-EFFBB3B4060E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:geshi:geshi:1.0.7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BF5342B1-7CC5-4A5B-B7A2-260E5B6983ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:geshi:geshi:1.0.7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C72BCBFB-A9F1-43F0-9AFA-1C26D152ECED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:geshi:geshi:1.0.7.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"755F9D37-D32E-4B2F-9BA3-0853A554C6A5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:geshi:geshi:1.0.7.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DAB3F2AE-6353-4DE6-80FC-C83663975CC7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:geshi:geshi:1.0.7.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A4393E5-14CC-4973-8D00-F2D22DDD6293\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:geshi:geshi:1.0.7.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A9A6873-3024-40FE-BD9E-D5D225C0A5A5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:geshi:geshi:1.0.7.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5E30A75B-5B35-4E92-95A2-E055810993F2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:geshi:geshi:1.0.7.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"10EA5DE1-21D3-4CCC-BC3A-1165A69E0223\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:geshi:geshi:1.0.7.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"98105060-6780-4835-8092-B49130922690\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:geshi:geshi:1.0.7.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3781AE2D-B315-452B-975A-5DA1B5A435C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:geshi:geshi:1.0.7.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DBC96172-DB75-4F16-A615-A52F6EAB9250\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:geshi:geshi:1.0.7.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EDECF138-3450-4DA4-8FD9-FAB6D6FE3326\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:geshi:geshi:1.0.7.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"62615324-C582-4008-A22E-E8203A3F4EE2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:geshi:geshi:1.0.7.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0E1ABA58-8C64-427C-9900-782272A62A7A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:geshi:geshi:1.0.7.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"83C1A6A8-DD79-4BA1-A5AA-46EE4E5BCEE6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:geshi:geshi:1.0.7.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD8F406E-9BE5-4358-B290-A6823FD40380\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:geshi:geshi:1.0.7.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D8A551B1-F0A1-4873-B6D4-197777F77A53\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:geshi:geshi:1.0.7.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AF3FD20D-00EF-4CBA-AC90-8EE73270D982\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:geshi:geshi:1.0.7.19:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"08FD2BC4-D823-4C45-8625-D39CF2D4974C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:geshi:geshi:1.0.7.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AF84D9E6-9044-49BC-BF3E-8F23FECAF76E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:geshi:geshi:1.0.7.21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2024ABFC-402B-4BAA-8EB0-2B83BFCDF8DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:geshi:geshi:1.0.7.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3DC283CF-AA72-493B-8905-2B843C80AE74\"}]}]}],\"references\":[{\"url\":\"http://osvdb.org/49488\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/32559\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://sourceforge.net/project/shownotes.php?release_id=637321\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2008/11/10/8\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/32070\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/46271\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/49488\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/32559\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://sourceforge.net/project/shownotes.php?release_id=637321\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2008/11/10/8\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/32070\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/46271\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…