CVE-2010-4835

Опубликовано: 14 сент. 2011

Источник: nvd

CVSS2: 4

EPSS Низкий

Описание

Directory traversal vulnerability in index.php in OneOrZero AIMS 2.6.0 Members Edition allows remote authenticated users to read arbitrary files via directory traversal sequences in the controller parameter in a show_report action.

Ссылки

http://packetstormsecurity.org/files/view/95814/oneorzeroaims-lfisql.txt
Exploit
http://securityreason.com/securityalert/8375
http://www.exploit-db.com/exploits/15519
Exploit
http://www.xenuser.org/documents/security/OneOrZero_Aims_multiple_vulnerabilities.txt
Exploit
http://packetstormsecurity.org/files/view/95814/oneorzeroaims-lfisql.txt
Exploit
http://securityreason.com/securityalert/8375
http://www.exploit-db.com/exploits/15519
Exploit
http://www.xenuser.org/documents/security/OneOrZero_Aims_multiple_vulnerabilities.txt
Exploit

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:oneorzero:aims:2.6.0:*:members:*:*:*:*:*

EPSS

Процентиль: 86%

0.03036

Низкий

4 Medium

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-3w7x-45wj-hgjm

github

больше 3 лет назад