Lucene search

[email protected]CVE-2012-4031

HistoryJul 17, 2012 - 9:55 p.m.

CVE-2012-4031

2012-07-1721:55:02

CWE-22

[email protected]

web.nvd.nist.gov

cve

2012

4031

directory traversal

vulnerability

wangkongbao

cns-1000

cns-1100

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.1 High

AI Score

Confidence

Low

0.22 Low

EPSS

Percentile

96.5%

JSON

Multiple directory traversal vulnerabilities in src/acloglogin.php in Wangkongbao CNS-1000 and 1100 allow remote attackers to read arbitrary files via a … (dot dot) in the (1) lang or (2) langid cookie to port 85.

Affected configurations

NVD

Node

wangkongbaocns-1000

wangkongbaocns-1100

CPENameOperatorVersion
wangkongbao:cns-1000wangkongbao cns-1000eq*
wangkongbao:cns-1100wangkongbao cns-1100eq*

CPE	Name	Operator	Version
wangkongbao:cns-1000	wangkongbao cns-1000	eq	*
wangkongbao:cns-1100	wangkongbao cns-1100	eq	*

References

osvdb.org/83636

secunia.com/advisories/49776

www.exploit-db.com/exploits/19526

www.securityfocus.com/bid/54267

exchange.xforce.ibmcloud.com/vulnerabilities/76682

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.1 High

AI Score

Confidence

Low

0.22 Low

EPSS

Percentile

96.5%

JSON

Related for CVE-2012-4031

cvelist1 prion1 nvd1