Unrated severityNVD Advisory· Published Jan 29, 2008· Updated Apr 23, 2026

CVE-2008-0466

Description

Web Wiz RTE_file_browser.asp in, as used in Web Wiz Rich Text Editor 4.0, Web Wiz Forums 9.07, and Web Wiz Newspad 1.02, does not require authentication, which allows remote attackers to list directories and read files. NOTE: this can be leveraged for listings outside the configured directory tree by exploiting a separate directory traversal vulnerability.

Affected products

Webwiz/Web Wiz Forums
cpe:2.3:a:webwiz:web_wiz_forums:9.07:*:*:*:*:*:*:*
Webwiz/Newspad
cpe:2.3:a:webwiz:web_wiz_newspad:1.02:*:*:*:*:*:*:*
Webwiz/Rich Text Editor
cpe:2.3:a:webwiz:web_wiz_rich_text_editor:4.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

securityreason.com/securityalert/3584nvd
securitytracker.com/idnvd
www.bugreport.irnvd
www.bugreport.irnvd
www.securityfocus.com/archive/1/486866/100/0/threadednvd
www.securityfocus.com/archive/1/486868/100/0/threadednvd
www.securityfocus.com/bid/27419nvd
www.webwizguide.com/webwizrichtexteditor/kb/release_notes.aspnvd
www.exploit-db.com/exploits/4970nvd
www.exploit-db.com/exploits/4971nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.010
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000