Lucene search

[email protected]CVE-2015-3648

HistoryJun 09, 2015 - 2:59 p.m.

CVE-2015-3648

2015-06-0914:59:00

CWE-22

[email protected]

web.nvd.nist.gov

102

montala limited

resourcespace

cve-2015-3648

directory traversal

vulnerability

nvd

security document

7.2 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.019 Low

EPSS

Percentile

88.3%

JSON

Directory traversal vulnerability in pages/setup.php in Montala Limited ResourceSpace before 7.2.6727 allows remote attackers to include and execute arbitrary local files via a … (dot dot) in the defaultlanguage parameter.

CPENameOperatorVersion
montala:resourcespacemontala resourcespacele7.1.6513

CPE	Name	Operator	Version
montala:resourcespace	montala resourcespace	le	7.1.6513

References

packetstormsecurity.com/files/132142/ResourceSpace-7.1.6513-Local-File-Inclusion.html

svn.montala.com/websvn/revision.php?repname=ResourceSpace&path=%2F&rev=6640&peg=6738

www.securityfocus.com/archive/1/535669/100/0/threaded

www.securityfocus.com/bid/75019

www.htbridge.com/advisory/HTB23258

7.2 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.019 Low

EPSS

Percentile

88.3%

JSON

Related for CVE-2015-3648

packetstorm1 nuclei1 securityvulns2 zdt1 prion1 htbridge1