CVE-2012-6038

Sažetak

admin/core/admin_func.php in razorCMS before 1.2.1 does not properly restrict access to certain administrator directories and files, which allows remote authenticated users to read, edit, rename, move, copy and delete files via the (1) dir parameter in a fileman or (2) filemanview action. NOTE: this issue has been referred to as a "path traversal."

Reference

http://osvdb.org/78230
http://secunia.com/advisories/47461
http://www.exploit-db.com/exploits/18344
http://www.razorcms.co.uk/archive/core/old/razorCMS_core_v1_2_1_STABLE.zip
http://www.securityfocus.com/bid/51344
https://exchange.xforce.ibmcloud.com/vulnerabilities/72268

CVSS

Base:	6.5
Impact:	6.4
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:S/C:P/I:P/A:P

Zadnje važnije ažuriranje

29-08-2017 - 01:32

Objavljeno

26-11-2012 - 22:55