Lucene search

[email protected]NVD:CVE-2010-1951

HistoryMay 19, 2010 - 12:07 p.m.

CVE-2010-1951

2010-05-1912:07:52

CWE-22

[email protected]

web.nvd.nist.gov

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.3

Confidence

Low

EPSS

0.008

Percentile

82.1%

JSON

Multiple directory traversal vulnerabilities in 60cycleCMS allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the DOCUMENT_ROOT parameter to (1) news.php, (2) submitComment.php, and (3) sqlConnect.php.

Affected configurations

Nvd

Node

60cyclecms_project60cyclecmsMatch2.5.2

VendorProductVersionCPE
60cyclecms_project60cyclecms2.5.2cpe:2.3:a:60cyclecms_project:60cyclecms:2.5.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
60cyclecms_project	60cyclecms	2.5.2	cpe:2.3:a:60cyclecms_project:60cyclecms:2.5.2:::::::*

References

www.exploit-db.com/exploits/12249

www.securityfocus.com/archive/1/510721/100/0/threaded

www.securityfocus.com/bid/39473

exchange.xforce.ibmcloud.com/vulnerabilities/57873

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.3

Confidence

Low

EPSS

0.008

Percentile

82.1%

JSON

Related for NVD:CVE-2010-1951

exploitdb1 cve1 prion1 cvelist1