CVE-2008-3708

Severity CVSS v4.0:
Pending analysis
Type:
CWE-22 Path Traversal
Publication date:
19/08/2008
Last modified:
09/04/2025

Description

Multiple directory traversal vulnerabilities in dotCMS 1.6.0.9 allow remote attackers to read arbitrary files via a .. (dot dot) in the id parameter to (1) news/index.dot and (2) getting_started/macros/macros_detail.dot.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:dotcms:dotcms:1.6.0.9:*:*:*:*:*:*:*