7.6 High
AI Score
Confidence
High
2.6 Low
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:N/A:N
0.005 Low
EPSS
Percentile
77.2%
Directory traversal vulnerability in A.l-Pifou 1.8p2 allows remote attackers to read arbitrary files via “…” sequences in the ze_langue_02 cookie, as demonstrated by using the choix_lng parameter to choix_langue.php to indirectly set the cookie, then accessing livre_dor.php to trigger the inclusion from inc/change_lang_ck.php, possibly related to livre_livre.php. NOTE: the livre_livre.php relationship has been reported by some third party sources.
CPE | Name | Operator | Version |
---|---|---|---|
a.l-pifou:a.l-pifou | a.l-pifou | eq | 1.8p2 |