CVE-2014-2069

Опубликовано: 16 апр. 2018

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Средний

Описание

Absolute path traversal vulnerability in Eshtery CMS allows remote attackers to read arbitrary files via a full pathname in the file parameter to FileManager.aspx.

Ссылки

http://seclists.org/fulldisclosure/2014/Feb/219
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/65740
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/91463
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2014/Feb/219
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/65740
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/91463
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:eshtery.she7ata:eshtery_cms:-:*:*:*:*:*:*:*

EPSS

Процентиль: 96%

0.25344

Средний

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-8v54-89gr-p9gq