exploitDog

CVE-2000-1229

Опубликовано: 31 дек. 2000

Источник: nvd

CVSS2: 5

EPSS Низкий

Описание

Directory traversal vulnerability in Phorum 3.0.7 allows remote Phorum administrators to read arbitrary files via ".." (dot dot) sequences in the default .langfile name field in the Master Settings administrative function, which causes the file to be displayed in admin.php3.

Ссылки

http://cert.uni-stuttgart.de/archive/bugtraq/2000/01/msg00215.html
Exploit
Patch
Vendor Advisory
http://hispahack.ccc.de/mi020.html
http://www.digitalsec.net/stuff/z-mirrors/hispahack/mi020.htm
http://cert.uni-stuttgart.de/archive/bugtraq/2000/01/msg00215.html
Exploit
Patch
Vendor Advisory
http://hispahack.ccc.de/mi020.html
http://www.digitalsec.net/stuff/z-mirrors/hispahack/mi020.htm

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:phorum:phorum:3.0.7:*:*:*:*:*:*:*

EPSS

Процентиль: 68%

0.00576

Низкий

5 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-88hx-73hq-hqfj

github

больше 3 лет назад

Directory traversal vulnerability in Phorum 3.0.7 allows remote Phorum administrators to read arbitrary files via ".." (dot dot) sequences in the default .langfile name field in the Master Settings administrative function, which causes the file to be displayed in admin.php3.

EPSS

Процентиль: 68%

0.00576

Низкий

5 Medium

CVSS2

Дефекты

NVD-CWE-Other