Описание
Multiple directory traversal vulnerabilities in the RenderFile function in ContentRender.class.php in Terracotta (aka OpenTerracotta) 0.6.1, and possibly other versions, allow remote attackers to list arbitrary directories and read arbitrary files via a .. (dot dot) in the (1) CurrentDirectory and (2) File parameters to index.php.
Ссылки
- Exploit
- Exploit
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:devraj_mukherjee:openterracotta:0.6.1:*:*:*:*:*:*:*
EPSS
Процентиль: 76%
0.00951
Низкий
6.8 Medium
CVSS2
Дефекты
CWE-22
Связанные уязвимости
github
больше 3 лет назад
Multiple directory traversal vulnerabilities in the RenderFile function in ContentRender.class.php in Terracotta (aka OpenTerracotta) 0.6.1, and possibly other versions, allow remote attackers to list arbitrary directories and read arbitrary files via a .. (dot dot) in the (1) CurrentDirectory and (2) File parameters to index.php.
EPSS
Процентиль: 76%
0.00951
Низкий
6.8 Medium
CVSS2
Дефекты
CWE-22