Описание
Multiple directory traversal vulnerabilities in phpGroupWare 0.9.16.12, and possibly other versions before 0.9.16.014, allow remote attackers to (1) read arbitrary files via the csvfile parameter to addressbook/csv_import.php, or (2) include and execute arbitrary local files via the conv_type parameter in addressbook/inc/class.uiXport.inc.php.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | ignored | end of life |
| devel | DNE | pulled 2010-07-27 |
| hardy | ignored | end of life |
| intrepid | ignored | end of life, was needed |
| jaunty | released | 1:0.9.16.012+dfsg-8+lenny1build0.9.04.1 |
| karmic | released | 1:0.9.16.012+dfsg-8+lenny1build0.9.10.1 |
| lucid | not-affected | 1:0.9.16.012+dfsg-10 |
| maverick | DNE | pulled 2010-07-27 |
| natty | DNE | pulled 2010-07-27 |
| oneiric | DNE | pulled 2010-07-27 |
Показывать по
Ссылки на источники
EPSS
7.5 High
CVSS2
Связанные уязвимости
Multiple directory traversal vulnerabilities in phpGroupWare 0.9.16.12, and possibly other versions before 0.9.16.014, allow remote attackers to (1) read arbitrary files via the csvfile parameter to addressbook/csv_import.php, or (2) include and execute arbitrary local files via the conv_type parameter in addressbook/inc/class.uiXport.inc.php.
Multiple directory traversal vulnerabilities in phpGroupWare 0.9.16.12 ...
Multiple directory traversal vulnerabilities in phpGroupWare 0.9.16.12, and possibly other versions before 0.9.16.014, allow remote attackers to (1) read arbitrary files via the csvfile parameter to addressbook/csv_import.php, or (2) include and execute arbitrary local files via the conv_type parameter in addressbook/inc/class.uiXport.inc.php.
EPSS
7.5 High
CVSS2