Lucene search

[email protected]CVE-2011-4713

HistoryOct 03, 2022 - 4:15 p.m.

CVE-2011-4713

2022-10-0316:15:13

CWE-22

[email protected]

web.nvd.nist.gov

cve-2011-4713

directory traversal

remote attack

file access

security vulnerability

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.9 Medium

AI Score

Confidence

Low

0.072 Low

EPSS

Percentile

94.1%

JSON

Directory traversal vulnerability in catalog/content.php in osCSS2 2.1.0 and earlier allows remote attackers to read arbitrary files via a … (dot dot) in the _ID parameter to (1) catalog/shopping_cart.php or (2) catalog/content.php.

Affected configurations

NVD

Node

oscssoscssRange≤2.10prerc31

oscssoscssMatch1.0

oscssoscssMatch1.1

oscssoscssMatch1.2.2rc_c

oscssoscssMatch2.10prerc_f

oscssoscssMatch2.10prerc_g1

oscssoscssMatch2.10prerc12

oscssoscssMatch2.10prerc30

oscssoscssMatch2.10rc5

CPENameOperatorVersion
oscss:oscssoscssle2.10
oscss:oscssoscsseq1.0
oscss:oscssoscsseq1.1
oscss:oscssoscsseq1.2.2

CPE	Name	Operator	Version
oscss:oscss	oscss	le	2.10
oscss:oscss	oscss	eq	1.0
oscss:oscss	oscss	eq	1.1
oscss:oscss	oscss	eq	1.2.2

References

forums.oscss.org/2-security/oscss2-id-parameter-local-file-inclusion-t1999.html#p11194

oscss.svn.sourceforge.net/viewvc/oscss?view=revision&revision=3872

seclists.org/fulldisclosure/2011/Nov/117

secunia.com/advisories/46741

www.exploit-db.com/exploits/18099

www.rul3z.de/advisories/SSCHADV2011-034.txt

www.securityfocus.com/archive/1/520421

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.9 Medium

AI Score

Confidence

Low

0.072 Low

EPSS

Percentile

94.1%

JSON

Related for CVE-2011-4713

cvelist1 openvas1 prion1 nvd1