CVE-2008-1606

Опубликовано: 01 апр. 2008

Источник: nvd

CVSS2: 6

EPSS Низкий

Описание

Multiple directory traversal vulnerabilities in Elastic Path (EP) 4.1 and 4.1.1 allow remote attackers to (1) download arbitrary files via a .. (dot dot) in the file parameter to manager/getImportFileRedirect.jsp, (2) upload arbitrary files via a ".." (dot dot backslash) in the file parameter to importData.jsp, and (3) list directory contents via a .. (dot dot) in the dir parameter to manager/fileManager.jsp.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:elastic_path:elastic_path:4.1:*:*:*:*:*:*:*

cpe:2.3:a:elastic_path:elastic_path:4.1.1:*:*:*:*:*:*:*

EPSS

Процентиль: 89%

0.04606

Низкий

6 Medium

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-gxrp-448q-jg35

github

почти 4 года назад

Multiple directory traversal vulnerabilities in Elastic Path (EP) 4.1 and 4.1.1 allow remote attackers to (1) download arbitrary files via a .. (dot dot) in the file parameter to manager/getImportFileRedirect.jsp, (2) upload arbitrary files via a "..\" (dot dot backslash) in the file parameter to importData.jsp, and (3) list directory contents via a .. (dot dot) in the dir parameter to manager/fileManager.jsp.