CVE-2013-5692

Sažetak

Directory traversal vulnerability in X2Engine X2CRM before 3.5 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the file parameter to index.php/admin/translationManager.

Reference

http://archives.neohapsis.com/archives/bugtraq/2013-09/0117.html
http://osvdb.org/97365
http://www.exploit-db.com/exploits/28557
https://www.htbridge.com/advisory/HTB23172

CVSS

Base:	8.5
Impact:	10.0
Exploitability:	6.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:M/Au:S/C:C/I:C/A:C

Zadnje važnije ažuriranje

01-10-2013 - 20:01

Objavljeno

30-09-2013 - 22:55