Описание
Directory traversal vulnerability in cafenews.php for CARE 2002 before beta 1.0.02 allows remote attackers to read arbitrary files via .. (dot dot) sequences and null characters in the lang parameter, which is processed by a call to the include function.
Ссылки
- URL Repurposed
- PatchVendor Advisory
- ExploitPatchVendor Advisory
- URL Repurposed
- PatchVendor Advisory
- ExploitPatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:care_2002:care_2002:1.0:*:*:*:*:*:*:*
cpe:2.3:a:care_2002:care_2002:1.0.01:*:*:*:*:*:*:*
EPSS
Процентиль: 84%
0.02169
Низкий
5 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
Directory traversal vulnerability in cafenews.php for CARE 2002 before beta 1.0.02 allows remote attackers to read arbitrary files via .. (dot dot) sequences and null characters in the lang parameter, which is processed by a call to the include function.
EPSS
Процентиль: 84%
0.02169
Низкий
5 Medium
CVSS2
Дефекты
NVD-CWE-Other