Lucene search

[email protected]CVE-2013-1641

HistoryOct 26, 2014 - 5:55 p.m.

CVE-2013-1641

2014-10-2617:55:04

CWE-22

[email protected]

web.nvd.nist.gov

cve

2013

1641

directory traversal

vulnerability

quixplorer

remote attack

nvd

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

6.2 Medium

AI Score

Confidence

High

0.083 Low

EPSS

Percentile

94.4%

JSON

Directory traversal vulnerability in the zip download functionality in QuiXplorer before 2.5.5 allows remote attackers to read arbitrary files via a … (dot dot) in the selitems[] parameter in a download_selected action to index.php.

Affected configurations

NVD

Node

quixplorerquixplorerRange≤2.5.4

CPENameOperatorVersion
quixplorer:quixplorerquixplorerle2.5.4

CPE	Name	Operator	Version
quixplorer:quixplorer	quixplorer	le	2.5.4

References

secunia.com/advisories/55725

exchange.xforce.ibmcloud.com/vulnerabilities/89059

github.com/realtimeprojects/quixplorer

github.com/realtimeprojects/quixplorer/blob/v2.5.5/doc/RELEASES.md

github.com/realtimeprojects/quixplorer/commit/7ac119cebd3b6bfe16a30fd1d5290127310a4436

www3.trustwave.com/spiderlabs/advisories/TWSL2013-030.txt

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

6.2 Medium

AI Score

Confidence

High

0.083 Low

EPSS

Percentile

94.4%

JSON

Related for CVE-2013-1641

prion1 nvd1 cvelist1 openvas1