CVE-2017-5539

Опубликовано: 23 янв. 2017

Источник: nvd

CVSS3: 9.1

CVSS2: 9

EPSS Низкий

Описание

The patch for directory traversal (CVE-2017-5480) in b2evolution version 6.8.4-stable has a bypass vulnerability. An attacker can use ../ to bypass the filter rule. Then, this attacker can exploit this vulnerability to delete or read any files on the server. It can also be used to determine whether a file exists.

Ссылки

http://b2evolution.net/downloads/6-8-5
Patch
Vendor Advisory
http://www.securityfocus.com/bid/95700
Third Party Advisory
VDB Entry
https://github.com/b2evolution/b2evolution/commit/e35f7c195d8c1103d2d981a48cda5ab45ecac48a
Issue Tracking
Patch
Third Party Advisory
https://github.com/b2evolution/b2evolution/issues/36
Issue Tracking
Patch
Third Party Advisory
http://b2evolution.net/downloads/6-8-5
Patch
Vendor Advisory
http://www.securityfocus.com/bid/95700
Third Party Advisory
VDB Entry
https://github.com/b2evolution/b2evolution/commit/e35f7c195d8c1103d2d981a48cda5ab45ecac48a
Issue Tracking
Patch
Third Party Advisory
https://github.com/b2evolution/b2evolution/issues/36
Issue Tracking
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:b2evolution:b2evolution:6.8.4:*:*:*:*:*:*:*

EPSS

Процентиль: 92%

0.07446

Низкий

9.1 Critical

CVSS3

9 Critical

CVSS2

Дефекты

CWE-22

Связанные уязвимости

CVE-2017-5539

CVSS3: 9.1

debian

около 9 лет назад

The patch for directory traversal (CVE-2017-5480) in b2evolution versi ...

GHSA-qm48-3ggc-g645

CVSS3: 9.1

github

больше 3 лет назад

The patch for directory traversal (CVE-2017-5480) in b2evolution version 6.8.4-stable has a bypass vulnerability. An attacker can use ..\/ to bypass the filter rule. Then, this attacker can exploit this vulnerability to delete or read any files on the server. It can also be used to determine whether a file exists.

EPSS

Процентиль: 92%

0.07446

Низкий

9.1 Critical

CVSS3

9 Critical

CVSS2

Дефекты

CWE-22