CVE-2018-1000550

Sažetak

The Sympa Community Sympa version prior to version 6.2.32 contains a Directory Traversal vulnerability in wwsympa.fcgi template editing function that can result in Possibility to create or modify files on the server filesystem. This attack appear to be exploitable via HTTP GET/POST request. This vulnerability appears to have been fixed in 6.2.32.

Reference

https://lists.debian.org/debian-lts-announce/2018/07/msg00033.html
https://sympa-community.github.io/security/2018-001.html
https://usn.ubuntu.com/4442-1/
https://www.debian.org/security/2018/dsa-4285

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

04-08-2020 - 21:15

Objavljeno

26-06-2018 - 16:29