Lucene search

[email protected]CVE-2014-2279

HistoryOct 17, 2014 - 11:55 p.m.

CVE-2014-2279

2014-10-1723:55:00

CWE-22

[email protected]

web.nvd.nist.gov

cve-2014-2279

seeddms

directory traversal

vulnerability

remote code execution

nvd

7.3 High

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

0.021 Low

EPSS

Percentile

88.9%

JSON

Multiple directory traversal vulnerabilities in SeedDMS (formerly LetoDMS and MyDMS) before 4.3.4 allow (1) remote authenticated users with access to the LogManagement functionality to read arbitrary files via a … (dot dot) in the logname parameter to out/out.LogManagement.php or (2) remote attackers to write to arbitrary files via a … (dot dot) in the fileId parameter to op/op.AddFile2.php. NOTE: vector 2 can be leveraged to execute arbitrary code by using CVE-2014-2278.

CPENameOperatorVersion
seeddms:seeddmsseeddmsle4.3.3

CPE	Name	Operator	Version
seeddms:seeddms	seeddms	le	4.3.3

References

archives.neohapsis.com/archives/bugtraq/2014-03/0101.html

osvdb.org/show/osvdb/104466

packetstormsecurity.com/files/125726

sourceforge.net/p/seeddms/code/ci/master/tree/CHANGELOG

www.securityfocus.com/bid/66256

exchange.xforce.ibmcloud.com/vulnerabilities/91831

7.3 High

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

0.021 Low

EPSS

Percentile

88.9%

JSON

Related for CVE-2014-2279

prion2 cve1 zdt1 packetstorm1 securityvulns2 seebug2