CVE-2010-4931

Опубликовано: 09 окт. 2011

Источник: nvd

CVSS2: 10

EPSS Низкий

Описание

Directory traversal vulnerability in maincore.php in PHP-Fusion allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the folder_level parameter. NOTE: this issue has been disputed by a reliable third party

Ссылки

http://attrition.org/pipermail/vim/2010-August/002391.html
Exploit
Third Party Advisory
http://www.exploit-db.com/exploits/14647
Exploit
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/42456
Exploit
Third Party Advisory
VDB Entry
http://attrition.org/pipermail/vim/2010-August/002391.html
Exploit
Third Party Advisory
http://www.exploit-db.com/exploits/14647
Exploit
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/42456
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:php-fusion:php-fusion:-:*:*:*:*:*:*:*

EPSS

Процентиль: 90%

0.05358

Низкий

10 Critical

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-rw3v-9376-3qfw

github

больше 3 лет назад

** DISPUTED ** Directory traversal vulnerability in maincore.php in PHP-Fusion allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the folder_level parameter. NOTE: this issue has been disputed by a reliable third party.