CVE-2012-1471

Опубликовано: 01 окт. 2012

Источник: nvd

CVSS2: 5

EPSS Низкий

Описание

Directory traversal vulnerability in catalogue_file.php in ocPortal before 7.1.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.

Ссылки

http://ocportal.com/site/news/view/new-releases/ocportal-7-1-6-released.htm
Vendor Advisory
http://ocportal.com/site/news/view/ocportal-security-update.htm
Patch
Vendor Advisory
https://www.htbridge.com/advisory/HTB23078
Exploit
http://ocportal.com/site/news/view/new-releases/ocportal-7-1-6-released.htm
Vendor Advisory
http://ocportal.com/site/news/view/ocportal-security-update.htm
Patch
Vendor Advisory
https://www.htbridge.com/advisory/HTB23078
Exploit

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ocportal:ocportal:*:*:*:*:*:*:*:*

Версия до 7.1.5 (включая)

cpe:2.3:a:ocportal:ocportal:4.0:*:*:*:*:*:*:*

cpe:2.3:a:ocportal:ocportal:4.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ocportal:ocportal:4.0.2:*:*:*:*:*:*:*

cpe:2.3:a:ocportal:ocportal:4.0.3:*:*:*:*:*:*:*

cpe:2.3:a:ocportal:ocportal:4.0.4:*:*:*:*:*:*:*

cpe:2.3:a:ocportal:ocportal:4.0.5:*:*:*:*:*:*:*

cpe:2.3:a:ocportal:ocportal:4.1:*:*:*:*:*:*:*

cpe:2.3:a:ocportal:ocportal:4.1.1:*:*:*:*:*:*:*

cpe:2.3:a:ocportal:ocportal:4.1.2:*:*:*:*:*:*:*

cpe:2.3:a:ocportal:ocportal:4.1.3:*:*:*:*:*:*:*

cpe:2.3:a:ocportal:ocportal:4.1.4:*:*:*:*:*:*:*

cpe:2.3:a:ocportal:ocportal:4.1.5:*:*:*:*:*:*:*

cpe:2.3:a:ocportal:ocportal:4.1.6:*:*:*:*:*:*:*

cpe:2.3:a:ocportal:ocportal:4.1.8:*:*:*:*:*:*:*

cpe:2.3:a:ocportal:ocportal:4.1.9:*:*:*:*:*:*:*

cpe:2.3:a:ocportal:ocportal:4.1.10:*:*:*:*:*:*:*

cpe:2.3:a:ocportal:ocportal:4.1.11:*:*:*:*:*:*:*

cpe:2.3:a:ocportal:ocportal:4.1.12:*:*:*:*:*:*:*

cpe:2.3:a:ocportal:ocportal:4.1.13:*:*:*:*:*:*:*

cpe:2.3:a:ocportal:ocportal:4.2:*:*:*:*:*:*:*

cpe:2.3:a:ocportal:ocportal:4.2:beta1:*:*:*:*:*:*

cpe:2.3:a:ocportal:ocportal:4.2:beta2:*:*:*:*:*:*

cpe:2.3:a:ocportal:ocportal:4.2:rc1:*:*:*:*:*:*

cpe:2.3:a:ocportal:ocportal:4.2:rc2:*:*:*:*:*:*

cpe:2.3:a:ocportal:ocportal:4.2:rc3:*:*:*:*:*:*

cpe:2.3:a:ocportal:ocportal:4.2.1:*:*:*:*:*:*:*

cpe:2.3:a:ocportal:ocportal:4.2.2:*:*:*:*:*:*:*

cpe:2.3:a:ocportal:ocportal:4.3:*:*:*:*:*:*:*

cpe:2.3:a:ocportal:ocportal:4.3:rc1:*:*:*:*:*:*

cpe:2.3:a:ocportal:ocportal:4.3:rc2:*:*:*:*:*:*

cpe:2.3:a:ocportal:ocportal:4.3:rc3:*:*:*:*:*:*

cpe:2.3:a:ocportal:ocportal:4.3.1:*:*:*:*:*:*:*

cpe:2.3:a:ocportal:ocportal:4.3.2:*:*:*:*:*:*:*

cpe:2.3:a:ocportal:ocportal:5.0:*:*:*:*:*:*:*

cpe:2.3:a:ocportal:ocportal:5.0:rc1:*:*:*:*:*:*

cpe:2.3:a:ocportal:ocportal:5.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ocportal:ocportal:5.0.2:*:*:*:*:*:*:*

cpe:2.3:a:ocportal:ocportal:5.0.2:beta1:*:*:*:*:*:*

cpe:2.3:a:ocportal:ocportal:5.0.3:*:*:*:*:*:*:*

cpe:2.3:a:ocportal:ocportal:5.1:beta1:*:*:*:*:*:*

cpe:2.3:a:ocportal:ocportal:6.0:*:*:*:*:*:*:*

cpe:2.3:a:ocportal:ocportal:6.0:beta1:*:*:*:*:*:*

cpe:2.3:a:ocportal:ocportal:6.0:beta2:*:*:*:*:*:*

cpe:2.3:a:ocportal:ocportal:6.0:rc1:*:*:*:*:*:*

cpe:2.3:a:ocportal:ocportal:6.0:rc2:*:*:*:*:*:*

cpe:2.3:a:ocportal:ocportal:6.0:rc3:*:*:*:*:*:*

cpe:2.3:a:ocportal:ocportal:6.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ocportal:ocportal:6.0.2:*:*:*:*:*:*:*

cpe:2.3:a:ocportal:ocportal:6.0.3:*:*:*:*:*:*:*

cpe:2.3:a:ocportal:ocportal:6.1:*:*:*:*:*:*:*

cpe:2.3:a:ocportal:ocportal:6.1.1:*:*:*:*:*:*:*

cpe:2.3:a:ocportal:ocportal:6.2:rc1:*:*:*:*:*:*

cpe:2.3:a:ocportal:ocportal:7.0:*:*:*:*:*:*:*

cpe:2.3:a:ocportal:ocportal:7.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ocportal:ocportal:7.1:*:*:*:*:*:*:*

cpe:2.3:a:ocportal:ocportal:7.1:beta1:*:*:*:*:*:*

cpe:2.3:a:ocportal:ocportal:7.1.1:*:*:*:*:*:*:*

cpe:2.3:a:ocportal:ocportal:7.1.2:*:*:*:*:*:*:*

cpe:2.3:a:ocportal:ocportal:7.1.3:*:*:*:*:*:*:*

cpe:2.3:a:ocportal:ocportal:7.1.4:*:*:*:*:*:*:*

EPSS

Процентиль: 53%

0.00302

Низкий

5 Medium

CVSS2

Дефекты

CWE-22

Связанные уязвимости

CVE-2012-1471

debian

больше 13 лет назад

Directory traversal vulnerability in catalogue_file.php in ocPortal be ...

GHSA-gm2r-jhgq-w3p4

github

больше 3 лет назад