Lucene search

[email protected]CVE-2012-1207

HistoryFeb 24, 2012 - 1:55 p.m.

CVE-2012-1207

2012-02-2413:55:07

CWE-22

[email protected]

web.nvd.nist.gov

cve-2012-1207

directory traversal

fork cms

remote attack

vulnerability

nvd

6.8 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.006 Low

EPSS

Percentile

79.0%

JSON

Directory traversal vulnerability in frontend/core/engine/javascript.php in Fork CMS 3.2.4 and possibly other versions before 3.2.5 allows remote attackers to read arbitrary files via a … (dot dot) in the module parameter to frontend/js.php.

Affected configurations

NVD

Node

fork-cmsfork_cmsMatch3.2.4

CPENameOperatorVersion
fork-cms:fork_cmsfork-cms fork cmseq3.2.4

CPE	Name	Operator	Version
fork-cms:fork_cms	fork-cms fork cms	eq	3.2.4

References

packetstormsecurity.org/files/109709/Fork-CMS-3.2.4-Cross-Site-Scripting-Local-File-Inclusion.html

www.fork-cms.com/blog/detail/fork-cms-3-2-5-released

www.securityfocus.com/bid/51972

exchange.xforce.ibmcloud.com/vulnerabilities/73169

github.com/forkcms/forkcms/commit/a9986b86c53de0582248b39605660fbba0c21a29

6.8 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.006 Low

EPSS

Percentile

79.0%

JSON

Related for CVE-2012-1207

prion1 cvelist1 osv1 github1 nvd1 openvas2