Lucene search
HistoryJun 06, 2014 - 2:55 p.m.
CVE-2013-4728
cve-2013-4728
ddsn interactive
cm3 acora cms
vulnerability
information security
remote attack
sensitive information
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
6.3 Medium
AI Score
Confidence
Low
0.003 Low
EPSS
Percentile
69.5%
DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote attackers to obtain sensitive information via a … (dot dot) in the “l” parameter, which reveals the installation path in an error message.
Affected configurations
Node
ddsncm3_acora_content_management_systemMatch5.5.0\/1b-p1
ORddsncm3_acora_content_management_systemMatch5.5.7\/12b
ORddsncm3_acora_content_management_systemMatch6.0.2\/1a
ORddsncm3_acora_content_management_systemMatch6.0.6\/1a
Related
cvelist
cvelist
CVE-2013-4728
2014-06-06 14:00:00
nvd
nvd
CVE-2013-4728
2014-06-06 14:55:04
prion
prion
Design/Logic Flaw
2014-06-06 14:55:00
packetstorm
packetstorm
CM3 AcoraCMS XSS / CSRF / Redirection / Disclosure
2013-08-26 00:00:00
openvas
openvas
CM3 AcoraCMS Multiple XSS, CSRF and Open Redirect Vulnerabilities
2014-04-29 00:00:00
zdt
zdt
CM3 AcoraCMS XSS / CSRF / Redirection / Disclosure Vulnerabilities
2013-08-27 00:00:00
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
6.3 Medium
AI Score
Confidence
Low
0.003 Low
EPSS
Percentile
69.5%
Related for CVE-2013-4728