exploitDog

CVE-2012-4940

Опубликовано: 31 окт. 2012

Источник: nvd

CVSS2: 6.4

EPSS Высокий

Описание

Multiple directory traversal vulnerabilities in the View Log Files component in Axigen Free Mail Server allow remote attackers to read or delete arbitrary files via a .. (dot dot) in (1) the fileName parameter in a download action to source/loggin/page_log_dwn_file.hsp, or the fileName parameter in (2) an edit action or (3) a delete action to the default URI.

Ссылки

http://www.kb.cert.org/vuls/id/586556
US Government Resource
http://www.securityfocus.com/bid/56343
http://www.kb.cert.org/vuls/id/586556
US Government Resource
http://www.securityfocus.com/bid/56343

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:gecad:axigen_free_mail_server:-:*:*:*:*:*:*:*

EPSS

Процентиль: 99%

0.8485

Высокий

6.4 Medium

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-32jr-8q2g-wwf3

github

больше 3 лет назад

Multiple directory traversal vulnerabilities in the View Log Files component in Axigen Free Mail Server allow remote attackers to read or delete arbitrary files via a .. (dot dot) in (1) the fileName parameter in a download action to source/loggin/page_log_dwn_file.hsp, or the fileName parameter in (2) an edit action or (3) a delete action to the default URI.

EPSS

Процентиль: 99%

0.8485

Высокий

6.4 Medium

CVSS2

Дефекты

CWE-22