CVE-2008-0466
Webwiz Web Wiz Forums - Authentication Bypass
Title source: ruleDescription
Web Wiz RTE_file_browser.asp in, as used in Web Wiz Rich Text Editor 4.0, Web Wiz Forums 9.07, and Web Wiz Newspad 1.02, does not require authentication, which allows remote attackers to list directories and read files. NOTE: this can be leveraged for listings outside the configured directory tree by exploiting a separate directory traversal vulnerability.
Exploits (2)
exploitdb
WRITEUP
VERIFIED
by BugReport.IR · textwebappsasp
https://www.exploit-db.com/exploits/4971
exploitdb
WRITEUP
VERIFIED
by BugReport.IR · textwebappsasp
https://www.exploit-db.com/exploits/4970
References (10)
Scores
EPSS
0.1228
EPSS Percentile
93.7%
Classification
CWE
CWE-287
Status
draft
Affected Products (3)
webwiz/web_wiz_forums
webwiz/web_wiz_newspad
webwiz/web_wiz_rich_text_editor
Timeline
Published
Jan 29, 2008
Tracked Since
Feb 18, 2026