CVE-2013-0136

2022-10-0316:15:04

CWE-22

[email protected]

web.nvd.nist.gov

mutiny

editdocument servlet

directory traversal

uploadpath

paths

newpath

delete

cut

copy

arbitrary programs

denial of service

cve-2013-0136

7.3 High

AI Score

Confidence

Low

8.5 High

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

0.076 Low

EPSS

Percentile

94.1%

JSON

Multiple directory traversal vulnerabilities in the EditDocument servlet in the Frontend in Mutiny before 5.0-1.11 allow remote authenticated users to upload and execute arbitrary programs, read arbitrary files, or cause a denial of service (file deletion or renaming) via (1) the uploadPath parameter in an UPLOAD operation; the paths[] parameter in a (2) DELETE, (3) CUT, or (4) COPY operation; or the newPath parameter in a (5) CUT or (6) COPY operation.

Affected configurations

NVD

Node

mutinymutinyRange≤5.0-1.10

mutinymutinyMatch5.0-1.00

mutinymutiny_virtual_applianceMatch-

mutinymutiny_applianceMatch-

CPENameOperatorVersion
mutiny:mutinymutinyle5.0-1.10
mutiny:mutinymutinyeq5.0-1.00
mutiny:mutiny_virtual_appliancemutiny mutiny virtual applianceeq-
mutiny:mutiny_appliancemutiny mutiny applianceeq-

CPE	Name	Operator	Version
mutiny:mutiny	mutiny	le	5.0-1.10
mutiny:mutiny	mutiny	eq	5.0-1.00
mutiny:mutiny_virtual_appliance	mutiny mutiny virtual appliance	eq	-
mutiny:mutiny_appliance	mutiny mutiny appliance	eq	-