CVE-2007-2252

Опубликовано: 25 апр. 2007

Источник: nvd

CVSS2: 5

EPSS Низкий

Описание

Directory traversal vulnerability in iconspopup.php in Exponent CMS 0.96.6 Alpha and earlier allows remote attackers to obtain sensitive information via a .. (dot dot) in the icodir parameter.

Ссылки

http://osvdb.org/35051
http://secunia.com/advisories/24934
Vendor Advisory
http://www.bugtraq.ir/articles/advisory/exponent_multiple_vulnerabilities/10
http://www.securityfocus.com/bid/23574
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/33936
http://osvdb.org/35051
http://secunia.com/advisories/24934
Vendor Advisory
http://www.bugtraq.ir/articles/advisory/exponent_multiple_vulnerabilities/10
http://www.securityfocus.com/bid/23574
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/33936

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:exponent:exponent_cms:0.96.5_rc1:*:*:*:*:*:*:*

cpe:2.3:a:exponent:exponent_cms:0.96.6_alpha:*:*:*:*:*:*:*

EPSS

Процентиль: 89%

0.04597

Низкий

5 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-q26c-r44c-gj49

github

почти 4 года назад