Lucene search

[email protected]CVE-2011-4832

HistoryDec 15, 2011 - 3:57 a.m.

CVE-2011-4832

2011-12-1503:57:34

CWE-22

[email protected]

web.nvd.nist.gov

cve

2011

4832

directory traversal

cauposhop pro

security vulnerability

remote attack

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.8 Medium

AI Score

Confidence

Low

0.012 Low

EPSS

Percentile

85.4%

JSON

Directory traversal vulnerability in CaupoShop Pro 2.x, CaupoShop Classic 3.01, and CaupoShop Pro 3.70 and earlier allows remote attackers to read arbitrary files via a … (dot dot) in the template parameter in a template action.

Affected configurations

NVD

Node

caupocauposhop_classicMatch3.01

caupocauposhop_proRange≤3.70

caupocauposhop_proMatch2.0

caupocauposhop_proMatch2.1

CPENameOperatorVersion
caupo:cauposhop_classiccaupo cauposhop classiceq3.01
caupo:cauposhop_procaupo cauposhop prole3.70
caupo:cauposhop_procaupo cauposhop proeq2.0
caupo:cauposhop_procaupo cauposhop proeq2.1

CPE	Name	Operator	Version
caupo:cauposhop_classic	caupo cauposhop classic	eq	3.01
caupo:cauposhop_pro	caupo cauposhop pro	le	3.70
caupo:cauposhop_pro	caupo cauposhop pro	eq	2.0
caupo:cauposhop_pro	caupo cauposhop pro	eq	2.1

References

secunia.com/advisories/46704

www.exploit-db.com/exploits/18066

www.osvdb.org/76871

www.securityfocus.com/bid/50530

exchange.xforce.ibmcloud.com/vulnerabilities/71136

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.8 Medium

AI Score

Confidence

Low

0.012 Low

EPSS

Percentile

85.4%

JSON

Related for CVE-2011-4832

cvelist1 openvas2 prion1 nvd1