Описание
Absolute path traversal vulnerability in install/index.php in Drake CMS 0.4.11 RC8 allows remote attackers to read and execute arbitrary files via a full pathname in the d_root parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Комментарий
CVE description identifies vulnerability as remote attacker, but both links describe vulnerability as local-file inclusion.
Ссылки
- Exploit
- Exploit
- Exploit
- Exploit
Уязвимые конфигурации
EPSS
3.6 Low
CVSS2
Дефекты
Связанные уязвимости
Absolute path traversal vulnerability in install/index.php in Drake CMS 0.4.11 RC8 allows remote attackers to read and execute arbitrary files via a full pathname in the d_root parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
EPSS
3.6 Low
CVSS2