Описание
Directory traversal vulnerability in framework/source/resource/qx/test/part/delay.php in QooxDoo 1.3 and possibly other versions, as used in eyeOS 2.2 and 2.3, and possibly other products allows remote attackers to read arbitrary files via ..%2f (encoded dot dot) sequences in the file parameter.
Ссылки
- Exploit
- Vendor Advisory
- Vendor Advisory
- Exploit
- Exploit
- Exploit
- Exploit
- Vendor Advisory
- Vendor Advisory
- Exploit
- Exploit
- Exploit
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:a:qooxdoo:qooxdoo:1.3:*:*:*:*:*:*:*
Одно из
cpe:2.3:o:eyeos:eyeos:2.2:*:*:*:*:*:*:*
cpe:2.3:o:eyeos:eyeos:2.3:*:*:*:*:*:*:*
EPSS
Процентиль: 91%
0.06869
Низкий
5 Medium
CVSS2
Дефекты
CWE-22
Связанные уязвимости
github
больше 3 лет назад
Directory traversal vulnerability in framework/source/resource/qx/test/part/delay.php in QooxDoo 1.3 and possibly other versions, as used in eyeOS 2.2 and 2.3, and possibly other products allows remote attackers to read arbitrary files via ..%2f (encoded dot dot) sequences in the file parameter.
EPSS
Процентиль: 91%
0.06869
Низкий
5 Medium
CVSS2
Дефекты
CWE-22