Описание
Directory traversal vulnerability in index.php in (1) WSN Forum 4.1.43 and earlier, (2) Gallery 4.1.30 and earlier, (3) Knowledge Base (WSNKB) 4.1.36 and earlier, (4) Links 4.1.44 and earlier, and possibly (5) Classifieds before 4.1.30 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the TID parameter, as demonstrated by uploading a .jpg file containing PHP sequences.
Ссылки
Уязвимые конфигурации
Конфигурация 1Версия до 4.1.43 (включая)Версия до 4.1.30 (включая)Версия до 4.1.36 (включая)
Одно из
cpe:2.3:a:wsn:forum:*:*:*:*:*:*:*:*
cpe:2.3:a:wsn:gallery:*:*:*:*:*:*:*:*
cpe:2.3:a:wsn:knowledge_base:*:*:*:*:*:*:*:*
cpe:2.3:a:wsn:links:4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:wsn:links:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:wsn:links:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:wsn:links:4.0.3:*:*:*:*:*:*:*
cpe:2.3:a:wsn:links:4.0.4:*:*:*:*:*:*:*
cpe:2.3:a:wsn:links:4.0.5:*:*:*:*:*:*:*
cpe:2.3:a:wsn:links:4.0.6:*:*:*:*:*:*:*
cpe:2.3:a:wsn:links:4.0.7:*:*:*:*:*:*:*
cpe:2.3:a:wsn:links:4.0.8:*:*:*:*:*:*:*
cpe:2.3:a:wsn:links:4.0.9:*:*:*:*:*:*:*
cpe:2.3:a:wsn:links:4.0.10:*:*:*:*:*:*:*
cpe:2.3:a:wsn:links:4.0.11:*:*:*:*:*:*:*
cpe:2.3:a:wsn:links:4.0.12:*:*:*:*:*:*:*
cpe:2.3:a:wsn:links:4.0.13:*:*:*:*:*:*:*
cpe:2.3:a:wsn:links:4.0.14:*:*:*:*:*:*:*
cpe:2.3:a:wsn:links:4.0.15:*:*:*:*:*:*:*
cpe:2.3:a:wsn:links:4.0.16:*:*:*:*:*:*:*
cpe:2.3:a:wsn:links:4.0.17:*:*:*:*:*:*:*
cpe:2.3:a:wsn:links:4.0.18:*:*:*:*:*:*:*
cpe:2.3:a:wsn:links:4.0.19:*:*:*:*:*:*:*
cpe:2.3:a:wsn:links:4.0.20:*:*:*:*:*:*:*
cpe:2.3:a:wsn:links:4.0.21:*:*:*:*:*:*:*
cpe:2.3:a:wsn:links:4.0.22:*:*:*:*:*:*:*
cpe:2.3:a:wsn:links:4.0.23:*:*:*:*:*:*:*
cpe:2.3:a:wsn:links:4.0.24:*:*:*:*:*:*:*
cpe:2.3:a:wsn:links:4.0.25:*:*:*:*:*:*:*
cpe:2.3:a:wsn:links:4.0.26:*:*:*:*:*:*:*
cpe:2.3:a:wsn:links:4.0.27:*:*:*:*:*:*:*
cpe:2.3:a:wsn:links:4.0.28:*:*:*:*:*:*:*
cpe:2.3:a:wsn:links:4.0.29:*:*:*:*:*:*:*
cpe:2.3:a:wsn:links:4.0.30:*:*:*:*:*:*:*
cpe:2.3:a:wsn:links:4.0.31:*:*:*:*:*:*:*
cpe:2.3:a:wsn:links:4.0.32:*:*:*:*:*:*:*
cpe:2.3:a:wsn:links:4.0.33:*:*:*:*:*:*:*
cpe:2.3:a:wsn:links:4.0.34:*:*:*:*:*:*:*
cpe:2.3:a:wsn:links:4.0.35:*:*:*:*:*:*:*
cpe:2.3:a:wsn:links:4.0.36:*:*:*:*:*:*:*
cpe:2.3:a:wsn:links:4.0.37:*:*:*:*:*:*:*
cpe:2.3:a:wsn:links:4.0.38:*:*:*:*:*:*:*
cpe:2.3:a:wsn:links:4.0.39:*:*:*:*:*:*:*
cpe:2.3:a:wsn:links:4.0.40:*:*:*:*:*:*:*
cpe:2.3:a:wsn:links:4.0.41:*:*:*:*:*:*:*
cpe:2.3:a:wsn:links:4.1.0:*:*:*:*:*:*:*
cpe:2.3:a:wsn:links:4.1.1:*:*:*:*:*:*:*
cpe:2.3:a:wsn:links:4.1.2:*:*:*:*:*:*:*
cpe:2.3:a:wsn:links:4.1.3:*:*:*:*:*:*:*
cpe:2.3:a:wsn:links:4.1.4:*:*:*:*:*:*:*
cpe:2.3:a:wsn:links:4.1.5:*:*:*:*:*:*:*
cpe:2.3:a:wsn:links:4.1.6:*:*:*:*:*:*:*
cpe:2.3:a:wsn:links:4.1.7:*:*:*:*:*:*:*
cpe:2.3:a:wsn:links:4.1.8:*:*:*:*:*:*:*
cpe:2.3:a:wsn:links:4.1.9:*:*:*:*:*:*:*
cpe:2.3:a:wsn:links:4.1.10:*:*:*:*:*:*:*
cpe:2.3:a:wsn:links:4.1.11:*:*:*:*:*:*:*
cpe:2.3:a:wsn:links:4.1.12:*:*:*:*:*:*:*
cpe:2.3:a:wsn:links:4.1.13:*:*:*:*:*:*:*
cpe:2.3:a:wsn:links:4.1.14:*:*:*:*:*:*:*
cpe:2.3:a:wsn:links:4.1.15:*:*:*:*:*:*:*
cpe:2.3:a:wsn:links:4.1.16:*:*:*:*:*:*:*
cpe:2.3:a:wsn:links:4.1.17:*:*:*:*:*:*:*
cpe:2.3:a:wsn:links:4.1.18:*:*:*:*:*:*:*
cpe:2.3:a:wsn:links:4.1.19:*:*:*:*:*:*:*
cpe:2.3:a:wsn:links:4.1.20:*:*:*:*:*:*:*
cpe:2.3:a:wsn:links:4.1.21:*:*:*:*:*:*:*
cpe:2.3:a:wsn:links:4.1.22:*:*:*:*:*:*:*
cpe:2.3:a:wsn:links:4.1.23:*:*:*:*:*:*:*
cpe:2.3:a:wsn:links:4.1.24:*:*:*:*:*:*:*
cpe:2.3:a:wsn:links:4.1.25:*:*:*:*:*:*:*
cpe:2.3:a:wsn:links:4.1.26:*:*:*:*:*:*:*
cpe:2.3:a:wsn:links:4.1.27:*:*:*:*:*:*:*
cpe:2.3:a:wsn:links:4.1.28:*:*:*:*:*:*:*
cpe:2.3:a:wsn:links:4.1.29:*:*:*:*:*:*:*
cpe:2.3:a:wsn:links:4.1.30:*:*:*:*:*:*:*
cpe:2.3:a:wsn:links:4.1.31:*:*:*:*:*:*:*
cpe:2.3:a:wsn:links:4.1.32:*:*:*:*:*:*:*
cpe:2.3:a:wsn:links:4.1.33:*:*:*:*:*:*:*
cpe:2.3:a:wsn:links:4.1.34:*:*:*:*:*:*:*
cpe:2.3:a:wsn:links:4.1.35:*:*:*:*:*:*:*
cpe:2.3:a:wsn:links:4.1.36:*:*:*:*:*:*:*
cpe:2.3:a:wsn:links:4.1.37:*:*:*:*:*:*:*
cpe:2.3:a:wsn:links:4.1.38:*:*:*:*:*:*:*
cpe:2.3:a:wsn:links:4.1.39:*:*:*:*:*:*:*
cpe:2.3:a:wsn:links:4.1.40:*:*:*:*:*:*:*
cpe:2.3:a:wsn:links:4.1.41:*:*:*:*:*:*:*
cpe:2.3:a:wsn:links:4.1.42:*:*:*:*:*:*:*
cpe:2.3:a:wsn:links:4.1.43:*:*:*:*:*:*:*
cpe:2.3:a:wsn:links:4.1.44:*:*:*:*:*:*:*
EPSS
Процентиль: 87%
0.03295
Низкий
6.8 Medium
CVSS2
Дефекты
CWE-22
Связанные уязвимости
github
почти 4 года назад
Directory traversal vulnerability in index.php in (1) WSN Forum 4.1.43 and earlier, (2) Gallery 4.1.30 and earlier, (3) Knowledge Base (WSNKB) 4.1.36 and earlier, (4) Links 4.1.44 and earlier, and possibly (5) Classifieds before 4.1.30 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the TID parameter, as demonstrated by uploading a .jpg file containing PHP sequences.
EPSS
Процентиль: 87%
0.03295
Низкий
6.8 Medium
CVSS2
Дефекты
CWE-22