CVE-2010-2850

Опубликовано: 25 июл. 2010

Источник: nvd

CVSS2: 6.8

EPSS Низкий

Описание

Directory traversal vulnerability in productionnu2/fileuploader.php in nuBuilder 10.04.20, and possibly other versions before 10.07.12, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the dir parameter.

Ссылки

http://cross-site-scripting.blogspot.com/2010/07/nubuilder-100420-local-file-inclusion.html
Exploit
http://packetstormsecurity.org/1007-exploits/nubuilder-lfi.txt
Exploit
http://secunia.com/advisories/40483
Vendor Advisory
http://www.nubuilder.com/nubuilderwww/change.php?changelog_id=14c3d1ea2a9fab
Patch
http://www.osvdb.org/66006
Exploit
http://www.securityfocus.com/bid/41404
Exploit
http://www.vupen.com/english/advisories/2010/1726
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/60138
http://cross-site-scripting.blogspot.com/2010/07/nubuilder-100420-local-file-inclusion.html
Exploit
http://packetstormsecurity.org/1007-exploits/nubuilder-lfi.txt
Exploit
http://secunia.com/advisories/40483
Vendor Advisory
http://www.nubuilder.com/nubuilderwww/change.php?changelog_id=14c3d1ea2a9fab
Patch
http://www.osvdb.org/66006
Exploit
http://www.securityfocus.com/bid/41404
Exploit
http://www.vupen.com/english/advisories/2010/1726
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/60138

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:nusoftware:nubuilder:*:*:*:*:*:*:*:*

Версия до 10.04.20 (включая)

cpe:2.3:a:nusoftware:nubuilder:09.06.10:*:*:*:*:*:*:*

cpe:2.3:a:nusoftware:nubuilder:09.06.26:*:*:*:*:*:*:*

cpe:2.3:a:nusoftware:nubuilder:09.07.24:*:*:*:*:*:*:*

cpe:2.3:a:nusoftware:nubuilder:09.08.20:*:*:*:*:*:*:*

cpe:2.3:a:nusoftware:nubuilder:09.09.23:*:*:*:*:*:*:*

EPSS

Процентиль: 92%

0.08387

Низкий

6.8 Medium

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-xqr2-7pjv-2gjp

github

больше 3 лет назад